Bug#633582: initramfs-tools: All files in initrd owned by root

To: Teddy Hogeborn <teddy+mandos@recompile.se>
Cc: intrigeri <intrigeri@boum.org>, 633582@bugs.debian.org, Harald Hoyer <harald@redhat.com>
Subject: Bug#633582: initramfs-tools: All files in initrd owned by root
From: Michael Prokop <mika@debian.org>
Date: Thu, 30 Jan 2014 11:31:17 +0100
Message-id: <[🔎] 2014-01-30T11-18-53@devnull.michael-prokop.at>
Reply-to: Michael Prokop <mika@debian.org>, 633582@bugs.debian.org
In-reply-to: <[🔎] 87ob2terr7.fsf@tower.recompile.se>
References: <87hb6sv8bd.fsf@tower.fukt.bsnet.se> <20110711213307.GE30099@vostochny.stro.at> <871uxwv4xk.fsf@tower.fukt.bsnet.se> <2011-11-23T12-44-14@devnull.michael-prokop.at> <85fw9knfgb.fsf@boum.org> <[🔎] 87ob2terr7.fsf@tower.recompile.se>

[Adding Harald Hoyer from dracut to CC, maybe he can
enlighten us about the reasoning in dracut. Harald, this is about
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633582 which I'm
also quoting in the following mail ]

* Teddy Hogeborn [Thu Jan 30, 2014 at 10:35:56AM +0100]:
> intrigeri <intrigeri@boum.org> writes:
> > Michael Prokop wrote (23 Nov 2011 11:45:14 GMT) :

> > > maximilian: i've scheduled the patch for inclusion via
> > > mika/user_permissions.

> > Was this included eventually?

> No.

> We have, for two years now, a very ugly workaround in mandos-client
> to deal with this.

Maks, please report back what's your opinion how to handle that.

FTR, that's what dracut uses (latest git as of today):

,---- [ dracut.sh ]
| if [[ $create_early_cpio = yes ]]; then
|     echo 1 > "$early_cpio_dir/d/early_cpio"
|     # The microcode blob is _before_ the initramfs blob, not after
|     (cd "$early_cpio_dir/d";     find . -print0 | cpio --null -R 0:0 -H newc -o --quiet >../early.cpio)
|     mv $early_cpio_dir/early.cpio $outfile.$$
| fi
| if ! ( umask 077; cd "$initdir"; find . -print0 | cpio --null -R 0:0 -H newc -o --quiet | \
`----

And see:

,---- [ dracut.git % git show 8e5db363 ]
| commit 8e5db363e8c14f2964fe71100f3dcd7f912ca283
| Author: Harald Hoyer <harald@redhat.com>
| Date:   Fri Jan 24 15:27:15 2014 +0100
|
|     dracut.sh: set file owners of early cpio files to 0:0
|
| diff --git a/dracut.sh b/dracut.sh
| index 2142e2d..0970710 100755
| --- a/dracut.sh
| +++ b/dracut.sh
| @@ -1464,10 +1464,10 @@ rm -f -- "$outfile"
|  dinfo "*** Creating image file ***"
|  if [[ $create_early_cpio = yes ]]; then
|      # The microcode blob is _before_ the initramfs blob, not after
| -    (cd "$early_cpio_dir/d"; find . -print0 | cpio --null -o -H newc --quiet >../early.cpio)
| +    (cd "$early_cpio_dir/d";     find . -print0 | cpio --null -R 0:0 -H newc -o --quiet >../early.cpio)
|      mv $early_cpio_dir/early.cpio $outfile.$$
|  fi
| -if ! ( umask 077; cd "$initdir"; find . -print0 | cpio --null -R 0:0 -H newc -o --quiet| \
| +if ! ( umask 077; cd "$initdir"; find . -print0 | cpio --null -R 0:0 -H newc -o --quiet | \
|      $compress >> "$outfile.$$"; ); then
|      dfatal "dracut: creation of $outfile.$$ failed"
|      exit 1
`----

So there might be a good reason why also dracut goes for all files
in initrd owned by root. Harald, do you have any bug reports or
details about why dracut decided to handle it this way that you
might share with us?

regards,
-mika-

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#633582: initramfs-tools: All files in initrd owned by root
  - From: Harald Hoyer <harald@redhat.com>

References:
- Bug#633582: initramfs-tools: All files in initrd owned by root
  - From: Teddy Hogeborn <teddy@recompile.se>

Prev by Date: Bug#633582: initramfs-tools: All files in initrd owned by root
Next by Date: Bug#737023: BCM5708 with bnx2 driver shows lots of errors on packets.
Previous by thread: Bug#633582: initramfs-tools: All files in initrd owned by root
Next by thread: Bug#633582: initramfs-tools: All files in initrd owned by root
Index(es):
- Date
- Thread