
init, pivot_root, chroot, etc ...



Hi,
this question does not pertain specifically to debian-boot,
but it deals with things which I think the readers of this list have a
particular knowledge of, so here goes:

My main root partition is /dev/hda2, and it is encrypted via ppdd.
I have a "maintenance"/"fake" root partition at /dev/hda6.

Right now my system boots to an initrd, which runs a linuxrc written by
the ppdd author which basically prompts you for a password, mounts the
"real" root, and then for its finale does a pivot_root/chroot to the
encrypted partition via an 'exec chroot . sh -c "exec init"'.

Or something like that.

I've been banging my head against the wall trying to figure out a way to
"inject" an sshd in there somewhere, so you can enter your passwords over
the net. (I'm aware of the security implications, but it would be nice
for emergency situations.)

I've tried:

1.
Calling cryptcat in the linuxrc script. This works, but then I can't
enter passwords at the tty! Apparently signals (ctrl-c) cannot be caught in
the linuxrc script either? I tried a script that catches this signal and
then asks for the passwords from the tty.

2.
Just booting into a stripped-down (single-user-like) mode,
then executing a script to mount the encrypted partition and doing an
"exec chroot . sh -c 'exec init 3'".
init doesn't like this because it is not PID 1.
It can't talk to the pipe /dev/initctl in the chroot environment, I
guess. Could I make a symbolic link from the chroot'ed /dev/initctl
file to the original /dev/initctl, do you think?

I've also thought about just running minit in the chroot environment.
I was thinking, since all programs are either started from a tty or from
ssh, if I just ran minit and spawned some gettys and started up sshd,
then all processes would inherit this new chroot environment.

3.
Interestingly, if I boot into single-user mode and then execute the
change_to_encrypted_root script, init is not bothered.
This is no doubt because of the "wait" in the inittab (I think):

~~:S:wait:/sbin/sulogin

Somehow I don't think ~~:S:wait:/usr/sbin/sshd would work ...
%^)

Is there any reason not to use minit as a sort of "sub" process root?
I noticed lsof shows init still "rooted" to the old root (now at
/mnt/hda6/sbin/init). Is there anything the matter with this?

cheers,
e


