1 |
On 01/29/2019 12:01 PM, Rich Freeman wrote: |
2 |
> Not sure why you would think this. It is just a cpio archive of a root |
3 |
> filesystem that the kernel runs as a generic bootstrap. |
4 |
|
5 |
IMHO the simple fact that such is used when it is not needed is ugly part. |
6 |
|
7 |
> This means that your bootstrap for initializing your root and everything |
8 |
> else can use any userspace tool that exists for linux. |
9 |
|
10 |
Why would I want to do that if I don't /need/ to do that? |
11 |
|
12 |
I can use IPs on VXLAN VTEPs to communicate between two hosts in the |
13 |
same L2 broadcast domain too. But why would I want to do that when the |
14 |
simple IP address on the Ethernet interface will suffice? |
15 |
|
16 |
> A similar concept lies at the heart of coreboot - using a generic |
17 |
> kernel/userpace as a firmware bootloader making it far more flexible. |
18 |
|
19 |
Coreboot is not part of the operating system. |
20 |
|
21 |
If you want to talk about the kernel in coreboot taking over the |
22 |
kernel's job and removing the boot loader + (2nd) kernel, I'm interested |
23 |
in discussing. |
24 |
|
25 |
> An initramfs is basically just a fairly compact linux distro. It works |
26 |
> the same as any distro. |
27 |
|
28 |
IP over the VXLAN VTEP works the same as IP over Ethernet too. |
29 |
|
30 |
The simple fact that there are two distros (kernel & init scripts) that |
31 |
run in succession when there is no /need/ for them is the ugly bit. |
32 |
|
33 |
Why stop at two distros? Why not three or four or more? |
34 |
|
35 |
> The kernel runs init, and init does its thing. By convention that init |
36 |
> will mount the real root and then exec the init inside, but it doesn't |
37 |
> have to work that way. Heck, you can run a system with nothing but an |
38 |
> initramfs and no other root filesystem. |
39 |
|
40 |
You can also run a system in the halt run level with everything mounted |
41 |
read-only. I used to run firewalls this way. Makes them really hard to |
42 |
modify without rebooting and altering how they boot. }:-) |
43 |
|
44 |
> Linus would disagree with you there, and has said as much publicly. |
45 |
> He does not consider initialization to be the responsibility of kernel |
46 |
> space long-term, and prefers that this happen in user-space. |
47 |
|
48 |
~chuckle~ That wouldn't be the first or last time that Linus disagreed |
49 |
with someone. |
50 |
|
51 |
> Some of the lvm and mdadm support remains for legacy reasons, but you |
52 |
> probably won't see initialization of newer volume/etc managers supported |
53 |
> directly in the kernel. |
54 |
> |
55 |
> |
56 |
> That is news to me. Obviously it needs whatever drivers it needs, but |
57 |
> I don't see why it would care if they are built in-kernel vs in-module. |
58 |
|
59 |
O.o‽ |
60 |
|
61 |
How is a kernel going to be able to mount the root file system if it |
62 |
doesn't have the driver (and can't load) for said root file system type? |
63 |
Or how is it going to extract the initramfs if it doesn't have the |
64 |
driver for a ram disk? |
65 |
|
66 |
The kernel /must/ have (at least) the minimum drivers (and dependencies) |
67 |
to be able to boot strap. It doesn't matter if it's boot strapping an |
68 |
initramfs or otherwise. |
69 |
|
70 |
All of these issues about lack of a driver are avoided by having the |
71 |
driver statically compiled into the kernel. |
72 |
|
73 |
IMHO a kernel and a machine is quite a bit more secure if it doesn't |
74 |
support modules. Almost all of the root kits that I've seen require |
75 |
modules. So the root kits are SIGNIFICANTLY impeded if not completely |
76 |
broken if the kernel doesn't support modules. |
77 |
|
78 |
> Sure, if you want to know exactly how it works that is true, but the |
79 |
> same is true of openrc or any other piece of software on your system. |
80 |
|
81 |
Yep. |
82 |
|
83 |
I think it's a LOT easier to administer a system that I understand how |
84 |
and why it works. |
85 |
|
86 |
> Dracut is highly modular and phase/hook-driven so it isn't too hard |
87 |
> to grok. Most of it is just bash/dash scripts. |
88 |
|
89 |
That may be the case. But why even spend time with it if it's not |
90 |
actually /needed/. |
91 |
|
92 |
|
93 |
|
94 |
-- |
95 |
Grant. . . . |
96 |
unix || die |