| 1 |
On Wed, Jul 18, 2012 at 3:40 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 2 |
> So your initramfs doesn't include network tools such as ping, |
| 3 |
> traceroute or wget. Fine. Fundamentally speaking, why shouldn't |
| 4 |
> someone else's? |
| 5 |
|
| 6 |
So, an initramfs is just a piece of kernel functionality. You can do |
| 7 |
almost ANYTHING in an initramfs, subject to the limitation that it is |
| 8 |
stored in RAM without any backing store. |
| 9 |
|
| 10 |
There are lots of reasons to use an initramfs, and the biggest ones |
| 11 |
don't pertain much to Gentoo. Here are some of the big use cases: |
| 12 |
|
| 13 |
1. One-size-fits-all kernel. You want to support root and /usr on |
| 14 |
any filesystem, on any kind of hard drive, or on a SAN, or who knows |
| 15 |
where. That either means saying Y to every driver in the kernel, or |
| 16 |
saying M and using an initramfs to load what is needed to get to root. |
| 17 |
|
| 18 |
2. One-size-fits-all grub config. You put the smarts in the |
| 19 |
initramfs, and use filesystem labels and such to identify partitions. |
| 20 |
|
| 21 |
3. Use of labels/UUIDs on partitions. When mdadm decides to renumber |
| 22 |
half your devices on a whim or you add a drive and everything bubbles |
| 23 |
down by one, your system still boots. |
| 24 |
|
| 25 |
4. Cleaner mounting of root, ability to fsck on initial mount, etc. |
| 26 |
|
| 27 |
5. When something goes wrong you can get a dash/bash shell instead of |
| 28 |
a grub shell. The former is clearly more useful even if you don't |
| 29 |
have firefox+X11 in your initramfs. |
| 30 |
|
| 31 |
6. Support for booting off of stuff that the kernel can't find on its |
| 32 |
own, like SANs/etc. That might require network support in the |
| 33 |
initramfs, and that usually isn't a big deal. If somebody can spoof |
| 34 |
DNS on your fiber channel interface you've got bigger problems. |
| 35 |
|
| 36 |
Sure, the more you do with the initramfs the bigger the potential |
| 37 |
security risks. Most distros don't have users build either kernels or |
| 38 |
initramfs which means they can just push updates, but that requires #1 |
| 39 |
above, which I think most Gentoo users would not appreciate. |
| 40 |
|
| 41 |
However, the initramfs shouldn't leave much of anything running after |
| 42 |
it chroots, so the window should be fairly small. |
| 43 |
|
| 44 |
Rich |
Archives