On Tue, 2017-08-22 at 10:38 +0200, Denys Vlasenko wrote: > On Mon, Aug 21, 2017 at 8:38 PM, Ben Hutchings <ben@decadent.org.uk> > wrote: > > On Mon, 2017-08-21 at 19:40 +0200, Denys Vlasenko wrote: > > > > On Mon, Aug 14, 2017 at 5:12 PM, Ben Hutchings <ben@decadent.or > > > > g.uk> wrote: > > > > On Mon, 2017-08-14 at 16:42 +0200, Denys Vlasenko wrote: > > > > > > > run-init > > > > > > > > > > This tool is doing this: > > > > > > > > [...] > > > > > There is the "switch_root" tool in util-linux which does the > > > > > crucial part of this functionality - deleting / remounting / > > > > > chrooting. > > > > > It is in bbox too. > > > > > > > > initramfs-tools used to use switch_root if possible, but it > > > > didn't > > > > support the -d (drop capabilities) option. Later on we needed > > > > validation of the init filename to support symlinks (e.g. > > > > /sbin/init -> > > > > /lib/systemd/systemd), so I added and used the -n (dry run) > > > > option to > > > > run-init. busybox would need to support both of these. > > > > > > I added run-init to busybox just now, but I don't see -n option > > > in > > > klibc-2.0.4 source. Can you point me to the source code with -n? > > > > It's not upstream yet, but in a Debian patch: > > https://sources.debian.net/src/klibc/2.0.4-9/debian/patches/run-ini > > t-add-dry-run-mode.patch/ > > Done: > > $ ./busybox run-init > BusyBox v1.28.0.git (2017-08-21 18:55:09 CEST) multi-call binary. > > Usage: run-init [-d CAP,CAP...] [-n] [-c CONSOLE_DEV] NEW_ROOT > NEW_INIT [ARGS] > > Free initramfs and switch to another root fs: > chroot to NEW_ROOT, delete all in /, move NEW_ROOT to /, > execute NEW_INIT. PID must be 1. NEW_ROOT must be a mountpoint. > > -c DEV Reopen stdio to DEV after switch > -d CAPS Drop capabilities > -n Dry run Great. Once these changes are in the Debian package, I can update initramfs-tools to make klibc-utils optional. Ben. -- Ben Hutchings Make three consecutive correct guesses and you will be considered an expert.
Attachment:
signature.asc
Description: This is a digitally signed message part