| 1 |
On 06/22/2013 12:07 PM, Pacho Ramos wrote: |
| 2 |
> After talking with WilliamH yesterday, I have this opinion: |
| 3 |
> - Playing with /sbin/init (instead of /sbin/einit) has two interesting |
| 4 |
> advantages: |
| 5 |
> 1. For example, I now have init=/sbin/e4rat-preload in my grub.conf, if |
| 6 |
> I do a typo, it would fallback to /sbin/init. If /sbin/init is provided |
| 7 |
> by sysvinit, people running other init providers could have problems. |
| 8 |
> This wouldn't occur if /sbin/init has been changed to use desired init |
| 9 |
> system. |
| 10 |
> 2. Tools like e4rat or bootchart launch /sbin/init, if I switch to |
| 11 |
> systemd, I would need to edit separate configuration files for each tool |
| 12 |
> to point to new init. This wouldn't occur if we "play" with /sbin/init |
| 13 |
> => we would only change init in one place |
| 14 |
good point. maybe a ton other wrapper of that kind. shouldn't they read |
| 15 |
/proc/cmdline for init=^H^H^H^H^Hreal_init= , but that takes time. |
| 16 |
|
| 17 |
> - I have two doubts: |
| 18 |
> 1. Why do we need a wrapper instead of changing symlinks? |
| 19 |
And a plain symlink has the charm to either resolve (and load and most |
| 20 |
likely execure the target) or dangles and kernel tries the next one. |
| 21 |
No late, wrapper bailouts leaving the kernel in "You killed pid 1" panic. |
| 22 |
|
| 23 |
=== kexec === |
| 24 |
speaking of panic. I've never actually used it, but newer kernels |
| 25 |
support kexec and in conjunction with pre-loaded panic-images[1] and |
| 26 |
corresponding (compiled-in) initramfs, it'd be possible to have an |
| 27 |
recovery shell. for either /sbin/init mixups, or late runtime crashes. |
| 28 |
These should have a the decency to respect the panic= timeout to allow |
| 29 |
automated reboots or idle till to the end of days. |
| 30 |
|
| 31 |
[sad enought, that kexec'd kernels don't pick up the process tables/heap |
| 32 |
of their predecessors and enable real kernel-hotswitching] |
| 33 |
|
| 34 |
=== more fallback == |
| 35 |
maybe we could ask Mr. Tovalds to ad another line in init/main.c, say |
| 36 |
/sbin/init.fallback (but don't mention systemd) or we could abuse |
| 37 |
/etc/init or /bin/init or /sbin/sh (with an wrapper to test for PID=1) |
| 38 |
for an recovery-environment. |
| 39 |
Fabio: did you mean that? |
| 40 |
|
| 41 |
=== security === |
| 42 |
Bailing into /bin/sh or whatever can compromise filesystem |
| 43 |
integrity/reveal root access to an uncrypted rootfs. |
| 44 |
There is a scenario of vandalism-proof installed computer pools (no |
| 45 |
physical access except keyboard/monitor) w/ unattended boot that should |
| 46 |
not end up in root-shell. ;-) Maybe I should fix that on my systems ... |
| 47 |
|
| 48 |
[1] sys-apps/kexec-tools http://kernel.org/pub/linux/utils/kernel/kexec/ |
| 49 |
|
| 50 |
-- |
| 51 |
Michael Weber |
| 52 |
Gentoo Developer |
| 53 |
web: https://xmw.de/ |
| 54 |
mailto: Michael Weber <xmw@g.o> |
Archives