Re: Init.c, making it chroot



In message: <200612291736.kBTHa9kj021368@xxxxxxxxxxxxxxxxx>
Oliver Fromme <olli@xxxxxxxxxxxxxxxxx> writes:
:
: M. Warner Losh wrote:
: > BTW, here's a patch to test. Since FreeBSD has kenv(2), the patch is
: > actually very small.
:
: OK, I tried it. The patch applied cleanly to RELENG_6.
: The following line triggered a warning and caused the
: compilation to be aborted:
:
: > + kenv(KENV_GET, "init_chroot", init_chroot, sizeof(init_chroot));
:
: I get:
:
: /usr/src/sbin/init/init.c: In function `main':
: /usr/src/sbin/init/init.c:245: warning: passing arg 2 of `kenv' discards qualifiers from pointer target type

Looks like kenv on RELENG_6 hadn't been const poisoned :-(.

: It compiles without problems. For testing I prepared an
: ISO image and put everything into a subdirectory called
: /chroot, except for /boot. /boot/loader.conf contains
: these lines:
:
: init_path="/ochroot/sbin/init"
: init_chroot="/ochroot"
:
: When I boot the CD (with -v), it freezes after printing
: these lines:
:
: cd9660: RockRidge Extension
: Lookup of /dev for devfs, error: 2
: start_init: trying /ochroot/sbin/init

OK. There's code in init to mount devfs, but it is disabled by
default.

The error message is from devfs_fixup. Early in the kernel boot, just
before we mount root, the kernel executes devfs_first. This mounts
devfs as / and creates a /dev -> / symlink. This allows mounting and
the like to work. Later, after we've mounted /, we do what Linux
would call 'pivot root' and remount this devfs on / as /dev. That's
devfs_fixup.

: It seems that the kernel looks for /dev before starting
: init, hence before the chroot. So I created /dev in the
: ISO image and tried again. Now the "devfs error 2" line
: doesn't appear anymore, but it still freezes after the
: "start_init" line.

I can understand that. init doesn't try to mount devfs on /dev unless
you pass it -d. The -d comes from the boot loader somehow, but I've
not threaded to see how it could be set. It appears, from first
blush, that RB_SINGLE gets 's' set, but there's no way to get 'd'
set. Maybe init_chroot should imply it.

: I suspect that init expects devfs to be mounted on /dev
: _inside_ the chroot (i.e. on /ochroot/dev in my case),
: but I'm not sure if that's really causing the freeze.
: Unfortunately I haven't been able to analyse the problem
: further. Do you have an idea or hint?

Once we chroot, we need to have a sane environment inside the chroot.
Since the patches I posted chroot so early, /dev doesn't exist inside
of it...

: PS: The init_chroot feature would also be useful for
: making a shared CD/DVD that contains a standard FreeBSD
: installation (with sysinstall and "fixit") and a bootable
: live FS such as FreeSBIE at the same time.

The desire for a feature similar to this has come up many times,
usually in one-on-one meetings. I'm sold on its need.

I've enclosed a patch. delphi@ also checked the return value of kenv
too, which is a more documented interface.

Warner
Index: init.c
===================================================================
RCS file: /cache/ncvs/src/sbin/init/init.c,v
retrieving revision 1.62
diff -u -r1.62 init.c
--- init.c 8 Jun 2006 14:04:36 -0000 1.62
+++ init.c 29 Dec 2006 18:32:22 -0000
@@ -55,6 +55,7 @@
#include <db.h>
#include <errno.h>
#include <fcntl.h>
+#include <kenv.h>
#include <libutil.h>
#include <paths.h>
#include <signal.h>
@@ -187,6 +188,8 @@
int
main(int argc, char *argv[])
{
+ char init_chroot[PATH_MAX];
+ char icname[] = "init_chroot";
int c;
struct sigaction sa;
sigset_t mask;
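Review bot: The `char icname[] = "init_chroot";` declaration in main() needs a comment explaining why the variable name is held in a writable array rather than passed to kenv() as a string literal. Per the warning quoted earlier in this thread, kenv() on RELENG_6 takes a non-const name argument and the literal form aborted the build; without a note, a later cleanup is likely to fold the literal back into the call and reintroduce that failure.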
@@ -239,6 +242,13 @@
*/
openlog("init", LOG_CONS|LOG_ODELAY, LOG_AUTH);

+ if (kenv(KENV_GET, icname, init_chroot, sizeof(init_chroot)) > 0) {
+ if (chdir(init_chroot) != 0 || chroot(".") != 0)
+ warning("Can't chroot to %s: %m", init_chroot);
+ else
+ devfs++;
+ }
+
/*
* Create an initial session.
*/
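Review bot: The failure branch of `if (chdir(init_chroot) != 0 || chroot(".") != 0)` only calls warning() and lets init carry on, which leaves two gaps. If chdir() succeeds and chroot() then fails, init keeps init_chroot as its working directory while its root is unchanged, so that path should `chdir("/")` before continuing. More broadly, a boot that was told to confine itself continues in the original root with nothing but a log line; consider treating a set-but-unusable init_chroot as fatal, or dropping to single-user, instead of failing open. The `> 0` test is enough to skip an unset or empty variable, but it does not by itself show whether a value longer than sizeof(init_chroot) was truncated, so that case deserves a check or at least a comment.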
_______________________________________________
freebsd-hackers@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-hackers
To unsubscribe, send any mail to "freebsd-hackers-unsubscribe@xxxxxxxxxxx"
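
A pre-flight check for the failure mode discussed in this thread (a chroot target without /dev, or loader.conf values that do not match the image), as an added example that is not part of the original mail or of FreeBSD. The staging-directory layout and the function names are assumptions; the /bin/sh and /etc/rc checks reflect what init runs when it goes multi-user.

```shell
# Added example: check an ISO staging tree before booting it with init_chroot.
# STAGE is the directory that becomes the CD root (assumed layout).

# Print the last value assigned to variable $2 in $1/boot/loader.conf.
loader_var() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" \
        "$1/boot/loader.conf" 2>/dev/null | tail -n 1
}

# Return 0 if the tree looks bootable with init_chroot, 1 otherwise.
check_init_chroot() {
    stage=$1
    bad=0
    root=$(loader_var "$stage" init_chroot)
    paths=$(loader_var "$stage" init_path)

    case $root in
        /*) ;;
        *) echo "init_chroot unset or not absolute: '$root'"; return 1 ;;
    esac
    if [ ! -d "$stage$root" ]; then
        echo "init_chroot=$root does not exist in the image"
        return 1
    fi
    # devfs gets mounted on /dev after the chroot, so the mount point must exist.
    [ -d "$stage$root/dev" ] || { echo "missing $root/dev"; bad=1; }
    # init runs /etc/rc through /bin/sh, both resolved inside the new root.
    [ -x "$stage$root/bin/sh" ] || { echo "missing $root/bin/sh"; bad=1; }
    [ -f "$stage$root/etc/rc" ] || { echo "missing $root/etc/rc"; bad=1; }

    # init_path is a colon-separated list resolved against the real root,
    # before any chroot; at least one candidate must be executable.
    found=0
    old_ifs=$IFS
    IFS=:
    for p in $paths; do
        if [ -x "$stage$p" ]; then found=1; fi
    done
    IFS=$old_ifs
    [ "$found" -eq 1 ] || { echo "no executable init in init_path='$paths'"; bad=1; }
    return "$bad"
}
```

Run it as `check_init_chroot /path/to/staging` before building the image; each problem found is printed on its own line.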
