authorBill Nottingham <notting@redhat.com>2006-04-20 19:25:48 +0000
committerBill Nottingham <notting@redhat.com>2006-04-20 19:25:48 +0000
commita5caeb0d1f15fcc3a674420a0b383bf7a7cfd2ea (patch)
treefbd2b823afd3eab0731c9a64414949b4ddb1eac4
parent41784d55e80fc84310d79386cb2adbb974fe6b26 (diff)
readonly root support. Does not currently work with SELinux.
-rw-r--r--Makefile2
-rw-r--r--initscripts.spec3
-rwxr-xr-xrc.d/rc.sysinit78
-rw-r--r--rwtab14
4 files changed, 87 insertions, 10 deletions
diff --git a/Makefile b/Makefile
index b3efdaf1..4ecdffd9 100644
--- a/Makefile
+++ b/Makefile
@@ -15,11 +15,13 @@ all:
install:
mkdir -p $(ROOT)/etc/profile.d $(ROOT)/sbin $(ROOT)/usr/sbin
mkdir -p $(ROOT)$(mandir)/man8
+ mkdir -p $(ROOT)/etc/rwtab.d $(ROOT)/var/lib/stateless/writable
install -m644 inittab adjtime $(ROOT)/etc
if uname -m | grep -q s390 ; then \
install -m644 inittab.s390 $(ROOT)/etc/inittab ; \
fi
+ install -m644 rwtab $(ROOT)/etc
install -m755 service setsysfont $(ROOT)/sbin
install -m755 lang.csh lang.sh $(ROOT)/etc/profile.d
install -m755 sys-unconfig $(ROOT)/usr/sbin
diff --git a/initscripts.spec b/initscripts.spec
index fa6e602b..506feac1 100644
--- a/initscripts.spec
+++ b/initscripts.spec
@@ -160,6 +160,8 @@ rm -rf $RPM_BUILD_ROOT
%config /etc/sysconfig/network-scripts/ifup-ctc
%config /etc/sysconfig/network-scripts/ifup-iucv
%endif
+/etc/rwtab
+%dir /etc/rwtab.d
/etc/udev/rules.d/*
%config /etc/X11/prefdm
%config(noreplace) /etc/inittab
@@ -204,6 +206,7 @@ rm -rf $RPM_BUILD_ROOT
%config /etc/ppp/ipv6-down
%config /etc/initlog.conf
%doc sysconfig.txt sysvinitfiles ChangeLog static-routes-ipv6 ipv6-tunnel.howto ipv6-6to4.howto changes.ipv6
+%dir /var/lib/stateless
%ghost %attr(0600,root,utmp) /var/log/btmp
%ghost %attr(0664,root,utmp) /var/log/wtmp
%ghost %attr(0664,root,utmp) /var/run/utmp
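Review bot: `/etc/rwtab` is added to %files in the first hunk without `%config`, unlike the neighbouring `/etc/sysconfig/network-scripts/*` and `/etc/X11/prefdm` entries; since it is an editable table (and `/etc/rwtab.d` exists for local additions), `%config /etc/rwtab` — or `%config(noreplace) /etc/rwtab` if local edits are meant to survive upgrades — is the expected marking. The Makefile hunk creates `$(ROOT)/var/lib/stateless/writable`, but the second hunk here only lists `%dir /var/lib/stateless`; unless `writable` is listed elsewhere in the spec outside this view, rpmbuild will treat it as an unpackaged directory (error or silent drop depending on `%_unpackaged_files_terminate_build`), so `%dir /var/lib/stateless/writable` should be added next to it.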
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index 5dd74d9d..d805a4cd 100755
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -297,15 +297,71 @@ else
fsckoptions="-V $fsckoptions"
fi
+READONLY=
if [ -f /etc/sysconfig/readonly-root ]; then
- . /etc/sysconfig/readonly-root
-
- if [ "$READONLY" = "yes" ]; then
- # Call rc.readonly to set up magic stuff needed for readonly root
- . /etc/rc.readonly
- fi
+ . /etc/sysconfig/readonly-root
+fi
+if strstr "$cmdline" readonlyroot ; then
+ READONLY=yes
+ [ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable
fi
+if [ "$READONLY" = "yes" -a -n "$SELINUX_STATE" ]; then
+ echo "SELinux is not compatible with read-only root at this time."
+ echo "Mounting read/write."
+ READONLY=no
+fi
+
+if [ "$READONLY" = "yes" ]; then
+ mount_empty() {
+ if [ -e "$1" ]; then
+ echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
+ mount -n --bind "$RW_MOUNT$1" "$1"
+ fi
+ }
+
+ mount_dirs() {
+ if [ -e "$1" ]; then
+ mkdir -p "$RW_MOUNT$1"
+ # fixme: find is bad
+ find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
+ mount -n --bind "$RW_MOUNT$1" "$1"
+ fi
+ }
+
+ mount_files() {
+ if [ -e "$1" ]; then
+ cp -a --parents "$1" "$RW_MOUNT"
+ mount -n --bind "$RW_MOUNT$1" "$1"
+ fi
+ }
+
+ if [ -n "$SELINUX_STATE" ]; then
+ mount -t tmpfs -o fscontext=system_u:object_r:fs_t:s0 none "$RW_MOUNT"
+ else
+ mount -t tmpfs none "$RW_MOUNT"
+ fi
+
+ for file in /etc/rwtab /etc/rwtab.d/* ; do
+ [ -f $file ] && cat $file | while read type path ; do
+ case "$type" in
+ empty)
+ mount_empty $path
+ ;;
+ files)
+ mount_files $path
+ ;;
+ dirs)
+ mount_dirs $path
+ ;;
+ *)
+ ;;
+ esac
+ [ -n "$SELINUX_STATE" ] && restorecon -R "$1"
+ done
+ done
+fi
+
if ! [[ " $fsckoptions" =~ " -y" ]]; then
fsckoptions="-a $fsckoptions"
fi
@@ -424,7 +480,7 @@ if [ -x /sbin/quotaon ]; then
fi
# Check to see if a full relabel is needed
-if [ -n "$SELINUX_STATE" ]; then
+if [ -n "$SELINUX_STATE" -a "$READONLY" != "yes" ]; then
if [ -f /.autorelabel ] || strstr "$cmdline" autorelabel ; then
relabel_selinux
fi
@@ -445,10 +501,12 @@ fi
if [ -f "/var/lib/random-seed" ]; then
cat /var/lib/random-seed > /dev/urandom
else
- touch /var/lib/random-seed
+ [ "$READONLY" != "yes" ] && touch /var/lib/random-seed
+fi
+if [ "$READONLY" != "yes" ]; then
+ chmod 600 /var/lib/random-seed
+ dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=512 2>/dev/null
fi
-chmod 600 /var/lib/random-seed
-dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=512 2>/dev/null
# Use the hardware RNG to seed the entropy pool, if available
#[ -x /sbin/rngd -a -c /dev/hw_random ] && rngd
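Review bot: In the first hunk (`@@ -297,15 +297,71 @@`), the `restorecon -R "$1"` line inside the `while read type path` loop refers to the script's own positional parameter, not the rwtab entry just mounted; it should read `[ -n "$SELINUX_STATE" ] && restorecon -R "$path"`. The `RW_MOUNT` default is applied only inside the `strstr "$cmdline" readonlyroot` branch, so a `/etc/sysconfig/readonly-root` that sets `READONLY=yes` without `RW_MOUNT` (whether that combination occurs depends on that file, which is outside this view) would reach `mount -t tmpfs none ""`; moving `[ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable` after that `fi` covers both configuration sources. The unquoted `$file` and `$path` in `[ -f $file ] && cat $file | while read type path ; do` and in the `mount_empty $path` / `mount_files $path` / `mount_dirs $path` calls will word-split and glob-expand any entry containing whitespace or metacharacters, so they should be quoted as `"$file"` and `"$path"`. Because the earlier check forces `READONLY=no` whenever `SELINUX_STATE` is set, the SELinux branches inside the `READONLY = yes` block are currently unreachable, which is worth stating in a comment so the `$1` slip is not masked when that restriction is lifted. The surrounding script continues outside the hunk on both sides.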
diff --git a/rwtab b/rwtab
new file mode 100644
index 00000000..b91bcf45
--- /dev/null
+++ b/rwtab
@@ -0,0 +1,14 @@
+empty /tmp
+empty /var/tmp
+
+dirs /var/gdm
+dirs /var/lock
+dirs /var/log
+dirs /var/run
+
+files /etc/fstab
+files /etc/resolv.conf
+files /etc/ntp.conf
+empty /var/lib/dhcp
+
+files /etc/adjtime