authorBill Nottingham <notting@redhat.com>2006-04-20 19:25:48 +0000
committerBill Nottingham <notting@redhat.com>2006-04-20 19:25:48 +0000
commita5caeb0d1f15fcc3a674420a0b383bf7a7cfd2ea (patch)
treefbd2b823afd3eab0731c9a64414949b4ddb1eac4 /rc.d
parent41784d55e80fc84310d79386cb2adbb974fe6b26 (diff)
readonly root support. Does not currently work with SELinux.
Diffstat (limited to 'rc.d')
-rwxr-xr-xrc.d/rc.sysinit78
1 files changed, 68 insertions, 10 deletions
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index 5dd74d9d..d805a4cd 100755
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -297,15 +297,71 @@ else
fsckoptions="-V $fsckoptions"
fi
+READONLY=
if [ -f /etc/sysconfig/readonly-root ]; then
- . /etc/sysconfig/readonly-root
-
- if [ "$READONLY" = "yes" ]; then
- # Call rc.readonly to set up magic stuff needed for readonly root
- . /etc/rc.readonly
- fi
+ . /etc/sysconfig/readonly-root
+fi
+if strstr "$cmdline" readonlyroot ; then
+ READONLY=yes
+ [ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable
fi
+if [ "$READONLY" = "yes" -a -n "$SELINUX_STATE" ]; then
+ echo "SELinux is not compatible with read-only root at this time."
+ echo "Mounting read/write."
+ READONLY=no
+fi
+
+if [ "$READONLY" = "yes" ]; then
+ mount_empty() {
+ if [ -e "$1" ]; then
+ echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
+ mount -n --bind "$RW_MOUNT$1" "$1"
+ fi
+ }
+
+ mount_dirs() {
+ if [ -e "$1" ]; then
+ mkdir -p "$RW_MOUNT$1"
+ # fixme: find is bad
+ find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
+ mount -n --bind "$RW_MOUNT$1" "$1"
+ fi
+ }
+
+ mount_files() {
+ if [ -e "$1" ]; then
+ cp -a --parents "$1" "$RW_MOUNT"
+ mount -n --bind "$RW_MOUNT$1" "$1"
+ fi
+ }
+
+ if [ -n "$SELINUX_STATE" ]; then
+ mount -t tmpfs -o fscontext=system_u:object_r:fs_t:s0 none "$RW_MOUNT"
+ else
+ mount -t tmpfs none "$RW_MOUNT"
+ fi
+
+ for file in /etc/rwtab /etc/rwtab.d/* ; do
+ [ -f $file ] && cat $file | while read type path ; do
+ case "$type" in
+ empty)
+ mount_empty $path
+ ;;
+ files)
+ mount_files $path
+ ;;
+ dirs)
+ mount_dirs $path
+ ;;
+ *)
+ ;;
+ esac
+ [ -n "$SELINUX_STATE" ] && restorecon -R "$1"
+ done
+ done
+fi
+
if ! [[ " $fsckoptions" =~ " -y" ]]; then
fsckoptions="-a $fsckoptions"
fi
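Review bot: `RW_MOUNT` gets its default only inside the `readonlyroot` command-line branch, so if /etc/sysconfig/readonly-root sets `READONLY=yes` without also setting `RW_MOUNT`, the tmpfs mount and every `mount -n --bind "$RW_MOUNT$1" "$1"` run with an empty prefix. The line `[ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable` should move to the top of the `if [ "$READONLY" = "yes" ]` section. The tmpfs mount is never checked for failure and passes no `mode=` option, so the backing directory gets the tmpfs default of 1777 and is world-writable once users can log in; `mount -t tmpfs -o mode=0755 none "$RW_MOUNT"` with an explicit failure branch would cover both. In the rwtab loop, `restorecon -R "$1"` reads the script's own first argument rather than the entry just handled and should be `restorecon -R "$path"`. That line and the `fscontext=` branch are unreachable for now, because the earlier block forces `READONLY=no` whenever `SELINUX_STATE` is set. Separately, `$file` and `$path` are unquoted and `read` lacks `-r`, so rwtab entries containing spaces, globs or backslashes are mangled.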
@@ -424,7 +480,7 @@ if [ -x /sbin/quotaon ]; then
fi
# Check to see if a full relabel is needed
-if [ -n "$SELINUX_STATE" ]; then
+if [ -n "$SELINUX_STATE" -a "$READONLY" != "yes" ]; then
if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
relabel_selinux
fi
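Review bot: The added `"$READONLY" != "yes"` test looks redundant as written, because the earlier block in this same commit resets `READONLY=no` whenever `SELINUX_STATE` is non-empty, so the two conditions cannot disagree unless something in between changes `READONLY`. If the guard is there for the day read-only root gains SELinux support, a comment should say so, for example `# READONLY is forced to "no" above while SELinux is enabled; guard kept for future read-only+SELinux support`. Writing it as `[ -n "$SELINUX_STATE" ] && [ "$READONLY" != "yes" ]` would also avoid the ambiguous `-a` operator. The enclosing `if` closes outside this hunk.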
@@ -445,10 +501,12 @@ fi
if [ -f "/var/lib/random-seed" ]; then
cat /var/lib/random-seed > /dev/urandom
else
- touch /var/lib/random-seed
+ [ "$READONLY" != "yes" ] && touch /var/lib/random-seed
+fi
+if [ "$READONLY" != "yes" ]; then
+ chmod 600 /var/lib/random-seed
+ dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=512 2>/dev/null
fi
-chmod 600 /var/lib/random-seed
-dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=512 2>/dev/null
# Use the hardware RNG to seed the entropy pool, if available
#[ -x /sbin/rngd -a -c /dev/hw_random ] && rngd
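Review bot: With `READONLY=yes` the seed file is never refreshed, so `cat /var/lib/random-seed > /dev/urandom` feeds the pool the same bytes on every boot, and presumably on every machine booted from the same read-only image. That is not harmful in itself, but it means the seed adds no per-boot entropy in this mode, which deserves a comment above the new guard such as `# read-only root: seed cannot be rewritten, so it is identical on every boot; do not rely on it for entropy`. The guard also keys on `READONLY` rather than on whether the path is writable, so a /var/lib/random-seed made writable through rwtab would still be skipped. If that is intended, the comment should say so.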