Diffstat (limited to 'usr/libexec')
-rwxr-xr-x | usr/libexec/import-state | 39 | ||||
-rwxr-xr-x | usr/libexec/loadmodules | 13 | ||||
-rwxr-xr-x | usr/libexec/netconsole | 165 | ||||
-rwxr-xr-x | usr/libexec/readonly-root | 204 |
4 files changed, 421 insertions, 0 deletions
diff --git a/usr/libexec/import-state b/usr/libexec/import-state
new file mode 100755
index 00000000..be2d13eb
--- /dev/null
+++ b/usr/libexec/import-state
@@ -0,0 +1,39 @@
+#!/bin/bash
+# import-state: import state files from initramfs (e.g. network config)
+
+# Copy state into root folder:
+# ============================
+cd /run/initramfs/state
+
+IFS_backup=$IFS
+IFS=$'\n' # Process find's results line by line
+
+dirs_found=$(find . -type d)
+
+for dir in $dirs_found; do
+ pushd "$dir" > /dev/null
+
+ # Remove initial '.' char from the find's result:
+ dest_dir="${dir/\./}"
+
+ # Create destination folder if it does not exist (with the same rights):
+ if [[ -n "$dest_dir" && ! -d "$dest_dir" ]]; then
+ mkdir -p "$dest_dir"
+ chmod --reference="$PWD" "$dest_dir"
+ chown --reference="$PWD" "$dest_dir"
+ fi
+
+ # Copy all files that are not directory:
+ find . -mindepth 1 -maxdepth 1 -not -type d -exec cp -av -t "$dest_dir" {} \; > /dev/null
+
+ popd > /dev/null
+done
+
+IFS=$IFS_backup
+
+
+# Run restorecon on the copied files:
+# ===================================
+if [ -e /sys/fs/selinux/enforce ] && [ -x /usr/sbin/restorecon ]; then
+ find . -mindepth 1 -print0 | { cd / && xargs --null restorecon -iF; }
+fi
diff --git a/usr/libexec/loadmodules b/usr/libexec/loadmodules
new file mode 100755
index 00000000..5925bdf7
--- /dev/null
+++ b/usr/libexec/loadmodules
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# Load other user-defined modules
+for file in /etc/sysconfig/modules/*.modules ; do
+ if [ -x $file ]; then
+ $file
+ fi
+done
+
+# Load modules (for backward compatibility with VARs)
+if [ -f /etc/rc.modules ]; then
+ /etc/rc.modules
+fi
diff --git a/usr/libexec/netconsole b/usr/libexec/netconsole
new file mode 100755
index 00000000..48f9bbf4
--- /dev/null
+++ b/usr/libexec/netconsole
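Review bot: The `cd /run/initramfs/state` near the top of import-state is unchecked, so when that directory is missing the copy loop and the final `find . -mindepth 1 -print0 | … restorecon -iF` operate on whatever the current directory happens to be; it should read `cd /run/initramfs/state || exit 0` (or a non-zero exit if a missing state directory is an error). The script then copies every file with `cp -av` into the real root, preserving mode and ownership, so anything the initramfs placed in that tree lands on the running system unchanged; a header comment stating that the state directory is trusted input would make that boundary explicit. For the top-level directory `.` the expansion `${dir/\./}` yields an empty `dest_dir`, so `cp -t ""` fails for files sitting directly in the state root; `dest_dir="${dir#.}"` with `"${dest_dir:-/}"` as the copy target would cover that case.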
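Review bot: In loadmodules, `$file` is unquoted in both `[ -x $file ]` and the bare `$file` invocation, so a name containing whitespace or glob characters under /etc/sysconfig/modules is split or re-expanded before it is run; use `[ -x "$file" ]` and `"$file"`. Every executable `*.modules` file there, and /etc/rc.modules, runs with the privileges of this script (presumably root at boot), so a short header comment saying the directory and files must be writable by root only would help whoever packages it. The exit statuses of the module scripts are discarded, which may be intended best-effort behaviour but is worth stating in a comment.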
@@ -0,0 +1,165 @@
+#!/bin/bash
+#
+# netconsole This loads the netconsole module with the configured parameters.
+#
+# chkconfig: - 50 50
+# description: Initializes network console logging
+# config: /etc/sysconfig/netconsole
+#
+### BEGIN INIT INFO
+# Provides: netconsole
+# Required-Start: $network
+# Required-Stop: $network
+# Short-Description: Initializes network console logging
+# Description: Initializes network console logging of kernel messages.
+### END INIT INFO
+
+# Copyright 2002 Red Hat, Inc.
+#
+# Based in part on a shell script by
+# Andreas Dilger <adilger@turbolinux.com> Sep 26, 2001
+
+PATH=/sbin:/usr/sbin:$PATH
+RETVAL=0
+SERVER_ADDRESS_RESOLUTION=
+
+# Check that networking is up.
+. /etc/sysconfig/network
+
+# Source function library.
+. /etc/rc.d/init.d/functions
+
+# Default values
+LOCALPORT=6666
+DEV=
+
+SYSLOGADDR=
+SYSLOGPORT=514
+SYSLOGMACADDR=
+
+kernel=$(uname -r | cut -d. -f1-2)
+
+usage ()
+{
+ gprintf "Usage: %s {start|stop|status|restart|condrestart}\n" $0 1>&2
+ RETVAL=2
+}
+
+print_address_info ()
+{
+ local host=$1
+ local route via target
+
+ route=$(LANG=C ip -o route get to $host/32)
+
+ [ -z "$DEV" ] && DEV=$(echo $route | sed "s|.* dev \([^ ]*\).*|\1|")
+ echo "DEV=$DEV"
+ echo "LOCALADDR=$(echo $route | sed "s|.* src \([^ ]*\).*|\1|")"
+ if [[ $route == *" via "* ]] ; then
+ via=$(echo $route | sed "s|.* via \([^ ]*\).*|\1|")
+ target=$via
+ else
+ target=$host
+ fi
+ if [ -z "$SYSLOGMACADDR" ]; then
+ arp=$(LANG=C /sbin/arping -f -c 1 -I $DEV $target 2>/dev/null | awk '/ reply from .*[.*]/ { print gensub(".* reply from .* \\[(.*)\\].*","\\1","G"); exit }')
+ [ -n "$arp" ] && echo "SYSLOGMACADDR=$arp"
+ fi
+}
+
+start ()
+{
+ [ -f /etc/sysconfig/netconsole ] || exit 6
+ . /etc/sysconfig/netconsole
+
+ SYSLOGOPTS=
+ # syslogd server, if any
+ if [ -n "$SYSLOGADDR" ]; then
+ # IPv6 regex also covers 4to6, zero-compressed, and link-local addresses with zone-index addresses.
+ # It should also cover IPv4-embedded, IPv4-mapped, and IPv4-translated IPv6 addresses.
+ # Taken from: http://stackoverflow.com/a/17871737/3481531
+ IPv4_regex="^([0-9]{1,3}\.){3}[0-9]{1,3}$"
+ IPv6_regex="^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$"
+ if ! [[ "$SYSLOGADDR" =~ $IPv4_regex ]] && ! [[ "$SYSLOGADDR" =~ $IPv6_regex ]]; then
+ # Use IPv4 by default:
+ SYSLOGADDR="$(LANG=C getent ahostsv4 $SYSLOGADDR 2> /dev/null)"
+
+ # Try IPv6 in case IPv4 resolution has failed:
+ if [[ $? -eq 2 ]]; then
+ SYSLOGADDR="$(LANG=C getent ahostsv6 $SYSLOGADDR 2> /dev/null)"
+ fi
+
+ if [[ $? -ne 0 ]]; then
+ echo $"Unable to resolve IP address specified in /etc/sysconfig/netconsole" 1>&2
+ exit 6
+ fi
+
+ SYSLOGADDR="$(echo "$SYSLOGADDR" | head -1 | cut --delimiter=' ' --fields=1)"
+ fi
+ fi
+ if [ -z "$SYSLOGADDR" ] ; then
+ gprintf "Server address not specified in /etc/sysconfig/netconsole\n" 1>&2
+ exit 6
+ fi
+ eval $(print_address_info $SYSLOGADDR)
+
+ if [ -z "$SYSLOGMACADDR" ]; then
+ gprintf "netconsole: can't resolve MAC address of %s\n" $SYSLOGADDR 1>&2
+ exit 1
+ fi
+
+ SYSLOGOPTS="netconsole=$LOCALPORT@$LOCALADDR/$DEV,$SYSLOGPORT@$SYSLOGADDR/$SYSLOGMACADDR "
+
+ /usr/bin/logger -p daemon.info -t netconsole: inserting netconsole module with arguments \
+ $SYSLOGOPTS
+ if [ -n "$SYSLOGOPTS" ]; then
+ action "Initializing netconsole" modprobe netconsole \
+ $SYSLOGOPTS
+ [ "$?" != "0" ] && RETVAL=1
+ fi
+ touch /var/lock/subsys/netconsole
+}
+
+stop ()
+{
+ if /sbin/lsmod | grep netconsole >/dev/null 2>&1 ; then
+ action "Disabling netconsole" rmmod netconsole;
+ [ "$?" != "0" ] && RETVAL=1
+ fi
+
+ rm -f /var/lock/subsys/netconsole
+}
+
+status ()
+{
+ if /sbin/lsmod | grep netconsole >/dev/null 2>&1 ; then
+ gprintf "netconsole module loaded\n"
+ RETVAL=0
+ else
+ gprintf "netconsole module not loaded\n"
+ RETVAL=3
+ fi
+}
+
+
+restart ()
+{
+ stop
+ start
+}
+
+condrestart ()
+{
+ [ -e /var/lock/subsys/netconsole ] && restart
+}
+
+
+case "$1" in
+ stop) stop ;;
+ status) status ;;
+ start|restart|reload|force-reload) restart ;;
+ condrestart) condrestart ;;
+ *) usage ;;
+esac
+
+exit $RETVAL
diff --git a/usr/libexec/readonly-root b/usr/libexec/readonly-root
new file mode 100755
index 00000000..9b9c2824
--- /dev/null
+++ b/usr/libexec/readonly-root
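Review bot: The hostname branch of start() overwrites `SYSLOGADDR` with the output of `getent ahostsv4` before the fallback runs, so after a failed IPv4 lookup `getent ahostsv6 $SYSLOGADDR` is called with an empty key and the configured name is never looked up over IPv6. The following `if [[ $? -ne 0 ]]` then tests the status of the preceding `if … fi` compound rather than of a lookup, so a getent failure with any status other than 2 is not reported as a resolution error. Keeping the lookup result in a separate local, as sketched below, fixes both; note that the sketch falls back to IPv6 on any IPv4 failure, not only on status 2. Separately, `eval $(print_address_info $SYSLOGADDR)` executes text built from `ip route` and `arping` output through unanchored sed substitutions, and a line that does not match (for example a route without ` src `) passes through whole; emitting each pair with `printf '%s=%q\n'` in print_address_info and quoting the substitution as `eval "$(…)"` would keep such text from being run as a command.

```shell
    if ! [[ "$SYSLOGADDR" =~ $IPv4_regex ]] && ! [[ "$SYSLOGADDR" =~ $IPv6_regex ]]; then
        local resolved
        # Keep the configured name intact so the IPv6 lookup still has a key.
        resolved="$(LANG=C getent ahostsv4 "$SYSLOGADDR" 2> /dev/null)" ||
            resolved="$(LANG=C getent ahostsv6 "$SYSLOGADDR" 2> /dev/null)"

        if [[ -z "$resolved" ]]; then
            # … unchanged: error message and exit 6 …
        fi

        SYSLOGADDR="$(echo "$resolved" | head -1 | cut --delimiter=' ' --fields=1)"
    fi
```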
@@ -0,0 +1,204 @@
+#!/bin/bash
+#
+# Set up readonly-root support.
+#
+
+. /etc/init.d/functions
+
+# We need to initialize the $HOSTNAME variable by ourselves now:
+# (It was previously done for RHEL-6 branch, but got lost in time.)
+HOSTNAME="$(hostname)"
+
+# Check SELinux status
+SELINUX_STATE=
+if [ -e "/sys/fs/selinux/enforce" ] && [ "$(cat /proc/self/attr/current | tr -d '\000' )" != "kernel" ]; then
+ if [ -r "/sys/fs/selinux/enforce" ] ; then
+ SELINUX_STATE=$(cat "/sys/fs/selinux/enforce")
+ else
+ # assume enforcing if you can't read it
+ SELINUX_STATE=1
+ fi
+fi
+
+selinux_fixup() {
+ if [ -n "$SELINUX_STATE" ] && [ -e "$1" ]; then
+ restorecon -R "$1"
+ fi
+}
+
+# Only read this once.
+[ -z "${cmdline}" ] && cmdline=$(cat /proc/cmdline)
+
+READONLY=
+if [ -f /etc/sysconfig/readonly-root ]; then
+ . /etc/sysconfig/readonly-root
+fi
+if strstr "$cmdline" readonlyroot ; then
+ READONLY=yes
+ [ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable
+ [ -z "$STATE_MOUNT" ] && STATE_MOUNT=/var/lib/stateless/state
+fi
+if strstr "$cmdline" noreadonlyroot ; then
+ READONLY=no
+fi
+
+MOUNTS=()
+if is_true "$READONLY" || is_true "$TEMPORARY_STATE"; then
+
+ add_mount() {
+ mnt=${1%/}
+ MOUNTS=("${MOUNTS[@]}" "$mnt")
+ }
+
+ cp_empty() {
+ if [ -e "$1" ]; then
+ echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
+ add_mount $1
+ fi
+ }
+
+ cp_dirs() {
+ if [ -e "$1" ]; then
+ mkdir -p "$RW_MOUNT$1"
+ find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
+ add_mount $1
+ fi
+ }
+
+ cp_files() {
+ if [ -e "$1" ]; then
+ cp -a --parents "$1" "$RW_MOUNT"
+ add_mount $1
+ fi
+ }
+
+ # Common mount options for scratch space regardless of
+ # type of backing store
+ mountopts=
+
+ # Scan partitions for local scratch storage
+ rw_mount_dev=$(blkid -t LABEL="$RW_LABEL" -l -o device)
+
+ bindmountopts=
+ is_true "$SLAVE_MOUNTS" && bindmountopts="--make-slave"
+
+ # First try to mount scratch storage from /etc/fstab, then any
+ # partition with the proper label. If either succeeds, be sure
+ # to wipe the scratch storage clean. If both fail, then mount
+ # scratch storage via tmpfs.
+ if mount $mountopts "$RW_MOUNT" > /dev/null 2>&1 ; then
+ rm -rf "$RW_MOUNT" > /dev/null 2>&1
+ elif [ x$rw_mount_dev != x ] && mount $rw_mount_dev $mountopts "$RW_MOUNT" > /dev/null 2>&1; then
+ rm -rf "$RW_MOUNT" > /dev/null 2>&1
+ else
+ mount -n -t tmpfs $RW_OPTIONS $mountopts none "$RW_MOUNT"
+ fi
+
+ for file in /etc/rwtab /etc/rwtab.d/* /run/initramfs/rwtab ; do
+ is_ignored_file "$file" && continue
+ [ -f $file ] && while read type path ; do
+ case "$type" in
+ empty)
+ cp_empty $path
+ ;;
+ files)
+ cp_files $path
+ ;;
+ dirs)
+ cp_dirs $path
+ ;;
+ *)
+ ;;
+ esac
+ done < <(cat $file)
+ done
+
+ for m in "${MOUNTS[@]}"; do
+ prefix=0
+ for mount_point in "${MOUNTS[@]}"; do
+ [[ $m = $mount_point ]] && continue
+ if [[ $m =~ ^$mount_point/.* ]] ; then
+ prefix=1
+ break
+ fi
+ done
+ [[ $prefix -eq 1 ]] && continue
+
+ mount -n --bind $bindmountopts "$RW_MOUNT$m" "$m"
+ selinux_fixup "$m"
+ done
+
+ # Use any state passed by initramfs
+ [ -d /run/initramfs/state ] && cp -a /run/initramfs/state/* $RW_MOUNT
+
+ # In theory there should be no more than one network interface active
+ # this early in the boot process -- the one we're booting from.
+ # Use the network address to set the hostname of the client. This
+ # must be done even if we have local storage.
+ ipaddr=
+ if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then
+ ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }')
+ for ip in $ipaddr ; do
+ HOSTNAME=
+ eval $(ipcalc -h $ipaddr 2>/dev/null)
+ [ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; }
+ done
+ fi
+
+ # Clients with read-only root filesystems may be provided with a
+ # place where they can place minimal amounts of persistent
+ # state. SSH keys or puppet certificates for example.
+ #
+ # Ideally we'll use puppet to manage the state directory and to
+ # create the bind mounts. However, until that's all ready this
+ # is sufficient to build a working system.
+
+ # First try to mount persistent data from /etc/fstab, then any
+ # partition with the proper label, then fallback to NFS
+ state_mount_dev=$(blkid -t LABEL="$STATE_LABEL" -l -o device)
+ if mount $mountopts $STATE_OPTIONS "$STATE_MOUNT" > /dev/null 2>&1 ; then
+ /bin/true
+ elif [ x$state_mount_dev != x ] && mount $state_mount_dev $mountopts "$STATE_MOUNT" > /dev/null 2>&1; then
+ /bin/true
+ elif [ ! -z "$CLIENTSTATE" ]; then
+ # No local storage was found. Make a final attempt to find
+ # state on an NFS server.
+
+ mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT -o rw,nolock
+ fi
+
+ if [ -w "$STATE_MOUNT" ]; then
+
+ mount_state() {
+ if [ -e "$1" ]; then
+ [ ! -e "$STATE_MOUNT$1" ] && cp -a --parents "$1" "$STATE_MOUNT"
+ mount -n --bind $bindmountopts "$STATE_MOUNT$1" "$1"
+ fi
+ }
+
+ for file in /etc/statetab /etc/statetab.d/* ; do
+ is_ignored_file "$file" && continue
+ [ ! -f "$file" ] && continue
+
+ if [ -f "$STATE_MOUNT/$file" ] ; then
+ mount -n --bind $bindmountopts "$STATE_MOUNT/$file" "$file"
+ fi
+
+ for path in $(grep -v "^#" "$file" 2>/dev/null); do
+ mount_state "$path"
+ selinux_fixup "$path"
+ done
+ done
+
+ if [ -f "$STATE_MOUNT/files" ] ; then
+ for path in $(grep -v "^#" "$STATE_MOUNT/files" 2>/dev/null); do
+ mount_state "$path"
+ selinux_fixup "$path"
+ done
+ fi
+ fi
+
+ if mount | grep -q /var/lib/nfs/rpc_pipefs ; then
+ mount -t rpc_pipefs sunrpc /var/lib/nfs/rpc_pipefs
+ fi
+fi |
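Review bot: The hostname loop in readonly-root runs `eval $(ipcalc -h $ipaddr 2>/dev/null)`, which executes as shell code a string whose value comes from a reverse DNS answer obtained early in boot; whether ipcalc sanitises that name is not visible here, so the script should not depend on it. The loop also passes `$ipaddr` (the whole address list) instead of the loop variable `$ip`. Parsing and validating the value avoids both, assuming ipcalc prints a bare `HOSTNAME=name` line: `HOSTNAME=$(ipcalc -h "$ip" 2>/dev/null | sed -n 's/^HOSTNAME=//p')` followed by `[[ $HOSTNAME =~ ^[A-Za-z0-9.-]+$ ]] && { hostname "$HOSTNAME" ; break; }`. The same name later selects the export in `mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT`, so it also decides which persistent state (SSH keys, per the comment) the client receives, and that mount line should quote its operands as well.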