Bug#378455: initramfs-tools: Option to disable fallback to shell on panic

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#378455: initramfs-tools: Option to disable fallback to shell on panic
From: Lionel Elie Mamane <lionel@mamane.lu>
Date: Sun, 16 Jul 2006 15:32:37 +0200
Message-id: <[🔎] 20060716133237.GA32205@capsaicin.mamane.lu>
Reply-to: Lionel Elie Mamane <lionel@mamane.lu>, 378455@bugs.debian.org

Package: initramfs-tools
Severity: wishlist
Tags: patch

Here is a patch that adds a new configuration variable "PANIC_SHELL"
that, when set to no (not the default), disables the fallback to a
shell on panic. (Instead it makes init exit, and thus generates a
kernel panic.)

This is meant to be one link in a chain to secure a system as much as
convenient:

 - Configure the BIOS to boot only from the hard drive
 - Configure the boot loader not to let the user change boot
   parameters
 - This step: The boot process does not give a root shell to the
   user, ever.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-amd64-k8-smp
Locale: LANG=fr_LU.UTF-8, LC_CTYPE=fr_LU.UTF-8 (charmap=UTF-8)

diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/conf/initramfs.conf /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/conf/initramfs.conf
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/conf/initramfs.conf	2006-07-07 10:15:42.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/conf/initramfs.conf	2006-07-16 14:30:43.000000000 +0200
@@ -45,3 +45,10 @@
 
 NFSROOT=auto
 
+#
+# PANIC_SHELL: [ yes | no ]
+# Should init give the user a shell on panic?
+#
+
+PANIC_SHELL=yes
+
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/debian/changelog /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/debian/changelog
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/debian/changelog	2006-07-14 00:31:39.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/debian/changelog	2006-07-16 14:36:14.000000000 +0200
@@ -1,3 +1,9 @@
+initramfs-tools (0.69b.0) unstable; urgency=low
+
+  * Created an option to disable shell invocation on panic.
+
+ -- Lionel Elie Mamane <lmamane@debian.org>  Sun, 16 Jul 2006 14:32:51 +0200
+
 initramfs-tools (0.69b) unstable; urgency=high
 
   * debian/initramfs-tools.preinst: Don't depend upon shipped directories
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/scripts/functions /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/scripts/functions
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/scripts/functions	2006-07-02 19:05:12.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/scripts/functions	2006-07-16 14:27:33.000000000 +0200
@@ -59,10 +59,15 @@
 	if [ -x /sbin/usplash_write ]; then
 		/sbin/usplash_write "QUIT"
 	fi
-	modprobe -q i8042
-	modprobe -q atkbd
-	echo $@
-	PS1='(initramfs) ' /bin/sh </dev/console >/dev/console 2>&1
+        if [ "${PANIC_SHELL}" != no ]; then 
+		modprobe -q i8042
+		modprobe -q atkbd
+		echo $@
+		PS1='(initramfs) ' /bin/sh </dev/console >/dev/console 2>&1
+	else
+		echo $@
+		exit 0
+	fi
 }
 
 maybe_break()

Reply to:

Follow-Ups:
- Bug#378455: initramfs-tools: Option to disable fallback to shell on panic
  - From: maximilian attems <maks@sternwelten.at>

Prev by Date: Bug#378487: linux-2.6: kernel-2.6.17-3 on a P-IV locks up the machine: problem with 'drm:i830'
Next by Date: Processed: Re: Bug#378554: [arm/armeb] Please enable CONFIG_USB_EHCI_SPLIT_ISO on NSLU2
Previous by thread: Processed: Re: Bug#378487: linux-2.6: kernel-2.6.17-3 on a P-IV locks up the machine: problem with 'drm:i830'
Next by thread: Bug#378455: initramfs-tools: Option to disable fallback to shell on panic
Index(es):
- Date
- Thread