On 06/22/2013 12:07 PM, Pacho Ramos wrote:
> After talking with WilliamH yesterday, I have this opinion:
> - Playing with /sbin/init (instead of /sbin/einit) has two interesting
> advantages:
> 1. For example, I now have init=/sbin/e4rat-preload in my grub.conf; if
> I make a typo, it would fall back to /sbin/init. If /sbin/init is provided
> by sysvinit, people running other init providers could have problems.
> This wouldn't occur if /sbin/init had been changed to use the desired init
> system.
> 2. Tools like e4rat or bootchart launch /sbin/init; if I switch to
> systemd, I would need to edit separate configuration files for each tool
> to point to the new init. This wouldn't occur if we "play" with /sbin/init
> => we would only change init in one place
Good point. Maybe a ton of other wrappers of that kind. Shouldn't they read
/proc/cmdline for init=^H^H^H^H^Hreal_init= ? But that takes time.

> - I have two doubts:
> 1. Why do we need a wrapper instead of changing symlinks?
And a plain symlink has the charm to either resolve (and load and most
likely execute the target) or dangle, so the kernel tries the next one.
No late wrapper bailouts leaving the kernel in a "You killed pid 1" panic.

=== kexec ===
Speaking of panic. I've never actually used it, but newer kernels
support kexec and, in conjunction with pre-loaded panic-images[1] and a
corresponding (compiled-in) initramfs, it'd be possible to have a
recovery shell, for either /sbin/init mixups or late runtime crashes.
These should have the decency to respect the panic= timeout to allow
automated reboots or idle till the end of days.

[sad enough that kexec'd kernels don't pick up the process tables/heap
of their predecessors and enable real kernel hot-switching]

=== more fallback ===
Maybe we could ask Mr. Torvalds to add another line in init/main.c, say
/sbin/init.fallback (but don't mention systemd), or we could abuse
/etc/init or /bin/init or /sbin/sh (with a wrapper to test for PID=1)
for a recovery environment.
Fabio: did you mean that?

=== security ===
Bailing into /bin/sh or whatever can compromise filesystem
integrity / reveal root access to an unencrypted rootfs.
There is a scenario of vandalism-proof installed computer pools (no
physical access except keyboard/monitor) w/ unattended boot that should
not end up in a root shell. ;-) Maybe I should fix that on my systems ...

[1] sys-apps/kexec-tools http://kernel.org/pub/linux/utils/kernel/kexec/

--
Michael Weber
Gentoo Developer
web: https://xmw.de/
mailto: Michael Weber <xmw@g.o>
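Added example, not code from this thread: a minimal PID-1 init wrapper in C along the lines discussed above. It refuses to run unless it is PID 1, looks for a hypothetical `real_init=` parameter in /proc/cmdline (the `init=^H^H^H^H^Hreal_init=` idea), otherwise walks a constructed fallback list that deliberately contains no shell, and on total failure exits so the kernel panics (and honours panic=) instead of handing out an unauthenticated root shell. The parameter name and the fallback paths are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Look up "key=value" among the whitespace-separated tokens of a kernel
 * command line. Copies the value into out and returns 1; returns 0 if the
 * key is absent or its value is empty. The last occurrence wins. */
int cmdline_get(const char *cmdline, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    int found = 0; const char *p = cmdline;
    while (*p) {
        while (*p == ' ' || *p == '\t' || *p == '\n') p++;
        if (!*p) break;
        const char *end = p;
        while (*end && *end != ' ' && *end != '\t' && *end != '\n') end++;
        size_t tlen = (size_t)(end - p);
        if (tlen > klen + 1 && strncmp(p, key, klen) == 0 && p[klen] == '=') {
            size_t vlen = tlen - klen - 1;
            if (vlen >= outlen) vlen = outlen - 1;   /* truncate, keep NUL */
            memcpy(out, p + klen + 1, vlen);
            out[vlen] = '\0';
            found = 1;
        }
        p = end;
    }
    return found;
}

int main(int argc, char **argv)
{
    /* Only meaningful as PID 1; invoked by hand it must not exec an init. */
    if (getpid() != 1) {
        fprintf(stderr, "%s: refusing to run, not PID 1\n", argv[0]);
        return 1;
    }
    char cmdline[4096] = {0}, target[256];
    FILE *f = fopen("/proc/cmdline", "r");
    if (f) { fread(cmdline, 1, sizeof cmdline - 1, f); fclose(f); }
    /* "real_init" is a hypothetical parameter name chosen for this example. */
    if (cmdline_get(cmdline, "real_init", target, sizeof target))
        execv(target, argv);                   /* returns only on failure */
    /* Constructed fallback list: deliberately contains no shell. */
    const char *fallback[] = { "/sbin/init.fallback", "/sbin/init.real", NULL };
    for (int i = 0; fallback[i]; i++)
        execv(fallback[i], argv);
    fprintf(stderr, "init wrapper: no usable init: %s\n", strerror(errno));
    return 1;   /* PID 1 exiting -> kernel panic, honouring the panic= timeout */
}
```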