| 1 |
On 01/29/2019 12:01 PM, Rich Freeman wrote: |
| 2 |
> Not sure why you would think this. It is just a cpio archive of a root |
| 3 |
> filesystem that the kernel runs as a generic bootstrap. |
| 4 |
|
| 5 |
IMHO the simple fact that such is used when it is not needed is ugly part. |
| 6 |
|
| 7 |
> This means that your bootstrap for initializing your root and everything |
| 8 |
> else can use any userspace tool that exists for linux. |
| 9 |
|
| 10 |
Why would I want to do that if I don't /need/ to do that? |
| 11 |
|
| 12 |
I can use IPs on VXLAN VTEPs to communicate between two hosts in the |
| 13 |
same L2 broadcast domain too. But why would I want to do that when the |
| 14 |
simple IP address on the Ethernet interface will suffice? |
| 15 |
|
| 16 |
> A similar concept lies at the heart of coreboot - using a generic |
| 17 |
> kernel/userpace as a firmware bootloader making it far more flexible. |
| 18 |
|
| 19 |
Coreboot is not part of the operating system. |
| 20 |
|
| 21 |
If you want to talk about the kernel in coreboot taking over the |
| 22 |
kernel's job and removing the boot loader + (2nd) kernel, I'm interested |
| 23 |
in discussing. |
| 24 |
|
| 25 |
> An initramfs is basically just a fairly compact linux distro. It works |
| 26 |
> the same as any distro. |
| 27 |
|
| 28 |
IP over the VXLAN VTEP works the same as IP over Ethernet too. |
| 29 |
|
| 30 |
The simple fact that there are two distros (kernel & init scripts) that |
| 31 |
run in succession when there is no /need/ for them is the ugly bit. |
| 32 |
|
| 33 |
Why stop at two distros? Why not three or four or more? |
| 34 |
|
| 35 |
> The kernel runs init, and init does its thing. By convention that init |
| 36 |
> will mount the real root and then exec the init inside, but it doesn't |
| 37 |
> have to work that way. Heck, you can run a system with nothing but an |
| 38 |
> initramfs and no other root filesystem. |
| 39 |
|
| 40 |
You can also run a system in the halt run level with everything mounted |
| 41 |
read-only. I used to run firewalls this way. Makes them really hard to |
| 42 |
modify without rebooting and altering how they boot. }:-) |
| 43 |
|
| 44 |
> Linus would disagree with you there, and has said as much publicly. |
| 45 |
> He does not consider initialization to be the responsibility of kernel |
| 46 |
> space long-term, and prefers that this happen in user-space. |
| 47 |
|
| 48 |
~chuckle~ That wouldn't be the first or last time that Linus disagreed |
| 49 |
with someone. |
| 50 |
|
| 51 |
> Some of the lvm and mdadm support remains for legacy reasons, but you |
| 52 |
> probably won't see initialization of newer volume/etc managers supported |
| 53 |
> directly in the kernel. |
| 54 |
> |
| 55 |
> |
| 56 |
> That is news to me. Obviously it needs whatever drivers it needs, but |
| 57 |
> I don't see why it would care if they are built in-kernel vs in-module. |
| 58 |
|
| 59 |
O.o‽ |
| 60 |
|
| 61 |
How is a kernel going to be able to mount the root file system if it |
| 62 |
doesn't have the driver (and can't load) for said root file system type? |
| 63 |
Or how is it going to extract the initramfs if it doesn't have the |
| 64 |
driver for a ram disk? |
| 65 |
|
| 66 |
The kernel /must/ have (at least) the minimum drivers (and dependencies) |
| 67 |
to be able to boot strap. It doesn't matter if it's boot strapping an |
| 68 |
initramfs or otherwise. |
| 69 |
|
| 70 |
All of these issues about lack of a driver are avoided by having the |
| 71 |
driver statically compiled into the kernel. |
| 72 |
|
| 73 |
IMHO a kernel and a machine is quite a bit more secure if it doesn't |
| 74 |
support modules. Almost all of the root kits that I've seen require |
| 75 |
modules. So the root kits are SIGNIFICANTLY impeded if not completely |
| 76 |
broken if the kernel doesn't support modules. |
| 77 |
|
| 78 |
> Sure, if you want to know exactly how it works that is true, but the |
| 79 |
> same is true of openrc or any other piece of software on your system. |
| 80 |
|
| 81 |
Yep. |
| 82 |
|
| 83 |
I think it's a LOT easier to administer a system that I understand how |
| 84 |
and why it works. |
| 85 |
|
| 86 |
> Dracut is highly modular and phase/hook-driven so it isn't too hard |
| 87 |
> to grok. Most of it is just bash/dash scripts. |
| 88 |
|
| 89 |
That may be the case. But why even spend time with it if it's not |
| 90 |
actually /needed/. |
| 91 |
|
| 92 |
|
| 93 |
|
| 94 |
-- |
| 95 |
Grant. . . . |
| 96 |
unix || die |
Archives