[klibc] [PATCH 1/8] switch_root: rename from run-init

maximilian attems max at stro.at
Wed Jul 13 06:48:26 PDT 2011


This seems the name people have settled in.
This is the first step to enhance switch_root()
(No code changes itself).

Signed-off-by: maximilian attems <max at stro.at>
---
 usr/kinit/Kbuild                       |    6 +-
 usr/kinit/kinit.c                      |    6 +-
 usr/kinit/nfsmount/README.locking      |    2 +-
 usr/kinit/run-init/Kbuild              |   29 -----
 usr/kinit/run-init/run-init.c          |   93 --------------
 usr/kinit/run-init/run-init.h          |   34 -----
 usr/kinit/run-init/runinitlib.c        |  209 --------------------------------
 usr/kinit/switch_root/Kbuild           |   29 +++++
 usr/kinit/switch_root/switch_root.c    |   93 ++++++++++++++
 usr/kinit/switch_root/switch_root.h    |   34 +++++
 usr/kinit/switch_root/switch_rootlib.c |  209 ++++++++++++++++++++++++++++++++
 11 files changed, 372 insertions(+), 372 deletions(-)
 delete mode 100644 usr/kinit/run-init/Kbuild
 delete mode 100644 usr/kinit/run-init/run-init.c
 delete mode 100644 usr/kinit/run-init/run-init.h
 delete mode 100644 usr/kinit/run-init/runinitlib.c
 create mode 100644 usr/kinit/switch_root/Kbuild
 create mode 100644 usr/kinit/switch_root/switch_root.c
 create mode 100644 usr/kinit/switch_root/switch_root.h
 create mode 100644 usr/kinit/switch_root/switch_rootlib.c

diff --git a/usr/kinit/Kbuild b/usr/kinit/Kbuild
index ff1d449..4b2b2fe 100644
--- a/usr/kinit/Kbuild
+++ b/usr/kinit/Kbuild
@@ -13,7 +13,7 @@ kinit-y  += do_mounts_md.o do_mounts_mtd.o nfsroot.o
 
 kinit-y  += ipconfig/
 kinit-y  += nfsmount/
-kinit-y  += run-init/
+kinit-y  += switch_root/
 kinit-y  += fstype/
 kinit-y  += resume/
 
@@ -26,11 +26,11 @@ KLIBCCFLAGS += -I$(srctree)/$(src)/fstype \
 	       -I$(srctree)/$(src)/ipconfig \
   	       -I$(srctree)/$(src)/nfsmount \
   	       -I$(srctree)/$(src)/resume \
- 	       -I$(srctree)/$(src)/run-init
+ 	       -I$(srctree)/$(src)/switch_root
 
 # Cleaning
 targets += kinit kinit.g kinit.shared kinit.shared.g
-subdir- := fstype ipconfig nfsmount resume run-init
+subdir- := fstype ipconfig nfsmount resume switch_root
 
 
 # install binary
diff --git a/usr/kinit/kinit.c b/usr/kinit/kinit.c
index 4a1f40b..9495d89 100644
--- a/usr/kinit/kinit.c
+++ b/usr/kinit/kinit.c
@@ -12,7 +12,7 @@
 
 #include "kinit.h"
 #include "ipconfig.h"
-#include "run-init.h"
+#include "switch_root.h"
 #include "resume.h"
 
 const char *progname = "kinit";
@@ -307,9 +307,9 @@ int main(int argc, char *argv[])
 
 	init_argv[0] = strrchr(init_path, '/') + 1;
 
-	errmsg = run_init("/root", "/dev/console", init_path, init_argv);
+	errmsg = switch_root("/root", "/dev/console", init_path, init_argv);
 
-	/* If run_init returned, something went bad */
+	/* If switch_root returned, something went bad */
 	fprintf(stderr, "%s: %s: %s\n", progname, errmsg, strerror(errno));
 	ret = 2;
 	goto bail;
diff --git a/usr/kinit/nfsmount/README.locking b/usr/kinit/nfsmount/README.locking
index bf2e8e7..4576195 100644
--- a/usr/kinit/nfsmount/README.locking
+++ b/usr/kinit/nfsmount/README.locking
@@ -14,7 +14,7 @@ pmap_file can be /dev/null.
 b) Allow the kernel to bind to any port and use the file produced by
 nfsroot to feed to pmap_set (it should be directly compatible); this
 means the file needs to be transferred to a place where the "real
-root" can find it before run-init.
+root" can find it before switch_root.
 
 In either case, it is imperative that the real portmapper is launched
 before any program actually tries to create locks!
diff --git a/usr/kinit/run-init/Kbuild b/usr/kinit/run-init/Kbuild
deleted file mode 100644
index bf6e140..0000000
--- a/usr/kinit/run-init/Kbuild
+++ /dev/null
@@ -1,29 +0,0 @@
-#
-# Kbuild file for run-init
-#
-
-static-y := static/run-init
-shared-y := shared/run-init
-
-# common .o files
-objs := run-init.o runinitlib.o
-
-# TODO - do we want a stripped version
-# TODO - do we want the static.g + shared.g directories?
-
-# Create built-in.o with all object files (used by kinit)
-lib-y := $(objs)
-
-# force run-init to not have an executable stack (to keep READ_IMPLIES_EXEC
-# personality(2) flag from getting set and passed to init).
-EXTRA_KLIBCLDFLAGS += -z noexecstack
-
-# .o files used to built executables
-static/run-init-y := $(objs)
-shared/run-init-y := $(objs)
-
-# Cleaning
-clean-dirs := static shared
-
-# install binary
-install-y := $(shared-y)
diff --git a/usr/kinit/run-init/run-init.c b/usr/kinit/run-init/run-init.c
deleted file mode 100644
index 0f150dd..0000000
--- a/usr/kinit/run-init/run-init.c
+++ /dev/null
@@ -1,93 +0,0 @@
-/* ----------------------------------------------------------------------- *
- *
- *   Copyright 2004-2006 H. Peter Anvin - All Rights Reserved
- *
- *   Permission is hereby granted, free of charge, to any person
- *   obtaining a copy of this software and associated documentation
- *   files (the "Software"), to deal in the Software without
- *   restriction, including without limitation the rights to use,
- *   copy, modify, merge, publish, distribute, sublicense, and/or
- *   sell copies of the Software, and to permit persons to whom
- *   the Software is furnished to do so, subject to the following
- *   conditions:
- *
- *   The above copyright notice and this permission notice shall
- *   be included in all copies or substantial portions of the Software.
- *
- *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- *   OTHER DEALINGS IN THE SOFTWARE.
- *
- * ----------------------------------------------------------------------- */
-
-/*
- * Usage: exec run-init [-c /dev/console] /real-root /sbin/init "$@"
- *
- * This program should be called as the last thing in a shell script
- * acting as /init in an initramfs; it does the following:
- *
- * - Delete all files in the initramfs;
- * - Remounts /real-root onto the root filesystem;
- * - Chroots;
- * - Opens /dev/console;
- * - Spawns the specified init program (with arguments.)
- */
-
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <string.h>
-#include <errno.h>
-#include "run-init.h"
-
-static const char *program;
-
-static void __attribute__ ((noreturn)) usage(void)
-{
-	fprintf(stderr,
-		"Usage: exec %s [-c consoledev] /real-root /sbin/init [args]\n",
-		program);
-	exit(1);
-}
-
-int main(int argc, char *argv[])
-{
-	/* Command-line options and defaults */
-	const char *console = "/dev/console";
-	const char *realroot;
-	const char *init;
-	const char *error;
-	char **initargs;
-
-	/* Variables... */
-	int o;
-
-	/* Parse the command line */
-	program = argv[0];
-
-	while ((o = getopt(argc, argv, "c:")) != -1) {
-		if (o == 'c') {
-			console = optarg;
-		} else {
-			usage();
-		}
-	}
-
-	if (argc - optind < 2)
-		usage();
-
-	realroot = argv[optind];
-	init = argv[optind + 1];
-	initargs = argv + optind + 1;
-
-	error = run_init(realroot, console, init, initargs);
-
-	/* If run_init returns, something went wrong */
-	fprintf(stderr, "%s: %s: %s\n", program, error, strerror(errno));
-	return 1;
-}
diff --git a/usr/kinit/run-init/run-init.h b/usr/kinit/run-init/run-init.h
deleted file mode 100644
index a95328e..0000000
--- a/usr/kinit/run-init/run-init.h
+++ /dev/null
@@ -1,34 +0,0 @@
-/* ----------------------------------------------------------------------- *
- *
- *   Copyright 2004-2006 H. Peter Anvin - All Rights Reserved
- *
- *   Permission is hereby granted, free of charge, to any person
- *   obtaining a copy of this software and associated documentation
- *   files (the "Software"), to deal in the Software without
- *   restriction, including without limitation the rights to use,
- *   copy, modify, merge, publish, distribute, sublicense, and/or
- *   sell copies of the Software, and to permit persons to whom
- *   the Software is furnished to do so, subject to the following
- *   conditions:
- *
- *   The above copyright notice and this permission notice shall
- *   be included in all copies or substantial portions of the Software.
- *
- *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- *   OTHER DEALINGS IN THE SOFTWARE.
- *
- * ----------------------------------------------------------------------- */
-
-#ifndef RUN_INIT_H
-#define RUN_INIT_H
-
-const char *run_init(const char *realroot, const char *console,
-		     const char *init, char **initargs);
-
-#endif
diff --git a/usr/kinit/run-init/runinitlib.c b/usr/kinit/run-init/runinitlib.c
deleted file mode 100644
index 8f1562f..0000000
--- a/usr/kinit/run-init/runinitlib.c
+++ /dev/null
@@ -1,209 +0,0 @@
-/* ----------------------------------------------------------------------- *
- *
- *   Copyright 2004-2006 H. Peter Anvin - All Rights Reserved
- *
- *   Permission is hereby granted, free of charge, to any person
- *   obtaining a copy of this software and associated documentation
- *   files (the "Software"), to deal in the Software without
- *   restriction, including without limitation the rights to use,
- *   copy, modify, merge, publish, distribute, sublicense, and/or
- *   sell copies of the Software, and to permit persons to whom
- *   the Software is furnished to do so, subject to the following
- *   conditions:
- *
- *   The above copyright notice and this permission notice shall
- *   be included in all copies or substantial portions of the Software.
- *
- *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
- *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
- *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
- *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
- *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
- *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
- *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
- *   OTHER DEALINGS IN THE SOFTWARE.
- *
- * ----------------------------------------------------------------------- */
-
-/*
- * run_init(consoledev, realroot, init, initargs)
- *
- * This function should be called as the last thing in kinit,
- * from initramfs, it does the following:
- *
- * - Delete all files in the initramfs;
- * - Remounts /real-root onto the root filesystem;
- * - Chroots;
- * - Opens /dev/console;
- * - Spawns the specified init program (with arguments.)
- *
- * On failure, returns a human-readable error message.
- */
-
-#include <assert.h>
-#include <dirent.h>
-#include <errno.h>
-#include <fcntl.h>
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <unistd.h>
-#include <sys/mount.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <sys/vfs.h>
-#include "run-init.h"
-
-/* Make it possible to compile on glibc by including constants that the
-   always-behind shipped glibc headers may not include.  Classic example
-   on why the lack of ABI headers screw us up. */
-#ifndef TMPFS_MAGIC
-# define TMPFS_MAGIC	0x01021994
-#endif
-#ifndef RAMFS_MAGIC
-# define RAMFS_MAGIC	0x858458f6
-#endif
-#ifndef MS_MOVE
-# define MS_MOVE	8192
-#endif
-
-static int nuke(const char *what);
-
-static int nuke_dirent(int len, const char *dir, const char *name, dev_t me)
-{
-	int bytes = len + strlen(name) + 2;
-	char path[bytes];
-	int xlen;
-	struct stat st;
-
-	xlen = snprintf(path, bytes, "%s/%s", dir, name);
-	assert(xlen < bytes);
-
-	if (lstat(path, &st))
-		return ENOENT;	/* Return 0 since already gone? */
-
-	if (st.st_dev != me)
-		return 0;	/* DO NOT recurse down mount points!!!!! */
-
-	return nuke(path);
-}
-
-/* Wipe the contents of a directory, but not the directory itself */
-static int nuke_dir(const char *what)
-{
-	int len = strlen(what);
-	DIR *dir;
-	struct dirent *d;
-	int err = 0;
-	struct stat st;
-
-	if (lstat(what, &st))
-		return errno;
-
-	if (!S_ISDIR(st.st_mode))
-		return ENOTDIR;
-
-	if (!(dir = opendir(what))) {
-		/* EACCES means we can't read it.  Might be empty and removable;
-		   if not, the rmdir() in nuke() will trigger an error. */
-		return (errno == EACCES) ? 0 : errno;
-	}
-
-	while ((d = readdir(dir))) {
-		/* Skip . and .. */
-		if (d->d_name[0] == '.' &&
-		    (d->d_name[1] == '\0' ||
-		     (d->d_name[1] == '.' && d->d_name[2] == '\0')))
-			continue;
-
-		err = nuke_dirent(len, what, d->d_name, st.st_dev);
-		if (err) {
-			closedir(dir);
-			return err;
-		}
-	}
-
-	closedir(dir);
-
-	return 0;
-}
-
-static int nuke(const char *what)
-{
-	int rv;
-	int err = 0;
-
-	rv = unlink(what);
-	if (rv < 0) {
-		if (errno == EISDIR) {
-			/* It's a directory. */
-			err = nuke_dir(what);
-			if (!err)
-				err = rmdir(what) ? errno : err;
-		} else {
-			err = errno;
-		}
-	}
-
-	if (err) {
-		errno = err;
-		return err;
-	} else {
-		return 0;
-	}
-}
-
-const char *run_init(const char *realroot, const char *console,
-		     const char *init, char **initargs)
-{
-	struct stat rst, cst;
-	struct statfs sfs;
-	int confd;
-
-	/* First, change to the new root directory */
-	if (chdir(realroot))
-		return "chdir to new root";
-
-	/* This is a potentially highly destructive program.  Take some
-	   extra precautions. */
-
-	/* Make sure the current directory is not on the same filesystem
-	   as the root directory */
-	if (stat("/", &rst) || stat(".", &cst))
-		return "stat";
-
-	if (rst.st_dev == cst.st_dev)
-		return "current directory on the same filesystem as the root";
-
-	/* Make sure we're on a ramfs */
-	if (statfs("/", &sfs))
-		return "statfs /";
-	if (sfs.f_type != RAMFS_MAGIC && sfs.f_type != TMPFS_MAGIC)
-		return "rootfs not a ramfs or tmpfs";
-
-	/* Okay, I think we should be safe... */
-
-	/* Delete rootfs contents */
-	if (nuke_dir("/"))
-		return "nuking initramfs contents";
-
-	/* Overmount the root */
-	if (mount(".", "/", NULL, MS_MOVE, NULL))
-		return "overmounting root";
-
-	/* chroot, chdir */
-	if (chroot(".") || chdir("/"))
-		return "chroot";
-
-	/* Open /dev/console */
-	if ((confd = open(console, O_RDWR)) < 0)
-		return "opening console";
-	dup2(confd, 0);
-	dup2(confd, 1);
-	dup2(confd, 2);
-	close(confd);
-
-	/* Spawn init */
-	execv(init, initargs);
-	return init;		/* Failed to spawn init */
-}
diff --git a/usr/kinit/switch_root/Kbuild b/usr/kinit/switch_root/Kbuild
new file mode 100644
index 0000000..13f0a2a
--- /dev/null
+++ b/usr/kinit/switch_root/Kbuild
@@ -0,0 +1,29 @@
+#
+# Kbuild file for switch_root
+#
+
+static-y := static/switch_root
+shared-y := shared/switch_root
+
+# common .o files
+objs := switch_root.o switch_rootlib.o
+
+# TODO - do we want a stripped version
+# TODO - do we want the static.g + shared.g directories?
+
+# Create built-in.o with all object files (used by kinit)
+lib-y := $(objs)
+
+# force switch_root to not have an executable stack (to keep READ_IMPLIES_EXEC
+# personality(2) flag from getting set and passed to init).
+EXTRA_KLIBCLDFLAGS += -z noexecstack
+
+# .o files used to built executables
+static/switch_root-y := $(objs)
+shared/switch_root-y := $(objs)
+
+# Cleaning
+clean-dirs := static shared
+
+# install binary
+install-y := $(shared-y)
diff --git a/usr/kinit/switch_root/switch_root.c b/usr/kinit/switch_root/switch_root.c
new file mode 100644
index 0000000..dbbbd9a
--- /dev/null
+++ b/usr/kinit/switch_root/switch_root.c
@@ -0,0 +1,93 @@
+/* ----------------------------------------------------------------------- *
+ *
+ *   Copyright 2004-2006 H. Peter Anvin - All Rights Reserved
+ *
+ *   Permission is hereby granted, free of charge, to any person
+ *   obtaining a copy of this software and associated documentation
+ *   files (the "Software"), to deal in the Software without
+ *   restriction, including without limitation the rights to use,
+ *   copy, modify, merge, publish, distribute, sublicense, and/or
+ *   sell copies of the Software, and to permit persons to whom
+ *   the Software is furnished to do so, subject to the following
+ *   conditions:
+ *
+ *   The above copyright notice and this permission notice shall
+ *   be included in all copies or substantial portions of the Software.
+ *
+ *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ *   OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * ----------------------------------------------------------------------- */
+
+/*
+ * Usage: exec switch_root [-c /dev/console] /real-root /sbin/init "$@"
+ *
+ * This program should be called as the last thing in a shell script
+ * acting as /init in an initramfs; it does the following:
+ *
+ * - Delete all files in the initramfs;
+ * - Remounts /real-root onto the root filesystem;
+ * - Chroots;
+ * - Opens /dev/console;
+ * - Spawns the specified init program (with arguments.)
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <string.h>
+#include <errno.h>
+#include "switch_root.h"
+
+static const char *program;
+
+static void __attribute__ ((noreturn)) usage(void)
+{
+	fprintf(stderr,
+		"Usage: exec %s [-c consoledev] /real-root /sbin/init [args]\n",
+		program);
+	exit(1);
+}
+
+int main(int argc, char *argv[])
+{
+	/* Command-line options and defaults */
+	const char *console = "/dev/console";
+	const char *realroot;
+	const char *init;
+	const char *error;
+	char **initargs;
+
+	/* Variables... */
+	int o;
+
+	/* Parse the command line */
+	program = argv[0];
+
+	while ((o = getopt(argc, argv, "c:")) != -1) {
+		if (o == 'c') {
+			console = optarg;
+		} else {
+			usage();
+		}
+	}
+
+	if (argc - optind < 2)
+		usage();
+
+	realroot = argv[optind];
+	init = argv[optind + 1];
+	initargs = argv + optind + 1;
+
+	error = switch_root(realroot, console, init, initargs);
+
+	/* If switch_root returns, something went wrong */
+	fprintf(stderr, "%s: %s: %s\n", program, error, strerror(errno));
+	return 1;
+}
diff --git a/usr/kinit/switch_root/switch_root.h b/usr/kinit/switch_root/switch_root.h
new file mode 100644
index 0000000..dfac8ac
--- /dev/null
+++ b/usr/kinit/switch_root/switch_root.h
@@ -0,0 +1,34 @@
+/* ----------------------------------------------------------------------- *
+ *
+ *   Copyright 2004-2006 H. Peter Anvin - All Rights Reserved
+ *
+ *   Permission is hereby granted, free of charge, to any person
+ *   obtaining a copy of this software and associated documentation
+ *   files (the "Software"), to deal in the Software without
+ *   restriction, including without limitation the rights to use,
+ *   copy, modify, merge, publish, distribute, sublicense, and/or
+ *   sell copies of the Software, and to permit persons to whom
+ *   the Software is furnished to do so, subject to the following
+ *   conditions:
+ *
+ *   The above copyright notice and this permission notice shall
+ *   be included in all copies or substantial portions of the Software.
+ *
+ *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ *   OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * ----------------------------------------------------------------------- */
+
+#ifndef SWITCH_ROOT_H
+#define SWITCH_ROOT_H
+
+const char *switch_root(const char *realroot, const char *console,
+		     const char *init, char **initargs);
+
+#endif /* SWITCH_ROOT_H */
diff --git a/usr/kinit/switch_root/switch_rootlib.c b/usr/kinit/switch_root/switch_rootlib.c
new file mode 100644
index 0000000..23ce41f
--- /dev/null
+++ b/usr/kinit/switch_root/switch_rootlib.c
@@ -0,0 +1,209 @@
+/* ----------------------------------------------------------------------- *
+ *
+ *   Copyright 2004-2006 H. Peter Anvin - All Rights Reserved
+ *
+ *   Permission is hereby granted, free of charge, to any person
+ *   obtaining a copy of this software and associated documentation
+ *   files (the "Software"), to deal in the Software without
+ *   restriction, including without limitation the rights to use,
+ *   copy, modify, merge, publish, distribute, sublicense, and/or
+ *   sell copies of the Software, and to permit persons to whom
+ *   the Software is furnished to do so, subject to the following
+ *   conditions:
+ *
+ *   The above copyright notice and this permission notice shall
+ *   be included in all copies or substantial portions of the Software.
+ *
+ *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
+ *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
+ *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
+ *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+ *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ *   OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * ----------------------------------------------------------------------- */
+
+/*
+ * switch_root(consoledev, realroot, init, initargs)
+ *
+ * This function should be called as the last thing in kinit,
+ * from initramfs, it does the following:
+ *
+ * - Delete all files in the initramfs;
+ * - Remounts /real-root onto the root filesystem;
+ * - Chroots;
+ * - Opens /dev/console;
+ * - Spawns the specified init program (with arguments.)
+ *
+ * On failure, returns a human-readable error message.
+ */
+
+#include <assert.h>
+#include <dirent.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <stdlib.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/mount.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/vfs.h>
+#include "switch_root.h"
+
+/* Make it possible to compile on glibc by including constants that the
+   always-behind shipped glibc headers may not include.  Classic example
+   on why the lack of ABI headers screw us up. */
+#ifndef TMPFS_MAGIC
+# define TMPFS_MAGIC	0x01021994
+#endif
+#ifndef RAMFS_MAGIC
+# define RAMFS_MAGIC	0x858458f6
+#endif
+#ifndef MS_MOVE
+# define MS_MOVE	8192
+#endif
+
+static int nuke(const char *what);
+
+static int nuke_dirent(int len, const char *dir, const char *name, dev_t me)
+{
+	int bytes = len + strlen(name) + 2;
+	char path[bytes];
+	int xlen;
+	struct stat st;
+
+	xlen = snprintf(path, bytes, "%s/%s", dir, name);
+	assert(xlen < bytes);
+
+	if (lstat(path, &st))
+		return ENOENT;	/* Return 0 since already gone? */
+
+	if (st.st_dev != me)
+		return 0;	/* DO NOT recurse down mount points!!!!! */
+
+	return nuke(path);
+}
+
+/* Wipe the contents of a directory, but not the directory itself */
+static int nuke_dir(const char *what)
+{
+	int len = strlen(what);
+	DIR *dir;
+	struct dirent *d;
+	int err = 0;
+	struct stat st;
+
+	if (lstat(what, &st))
+		return errno;
+
+	if (!S_ISDIR(st.st_mode))
+		return ENOTDIR;
+
+	if (!(dir = opendir(what))) {
+		/* EACCES means we can't read it.  Might be empty and removable;
+		   if not, the rmdir() in nuke() will trigger an error. */
+		return (errno == EACCES) ? 0 : errno;
+	}
+
+	while ((d = readdir(dir))) {
+		/* Skip . and .. */
+		if (d->d_name[0] == '.' &&
+		    (d->d_name[1] == '\0' ||
+		     (d->d_name[1] == '.' && d->d_name[2] == '\0')))
+			continue;
+
+		err = nuke_dirent(len, what, d->d_name, st.st_dev);
+		if (err) {
+			closedir(dir);
+			return err;
+		}
+	}
+
+	closedir(dir);
+
+	return 0;
+}
+
+static int nuke(const char *what)
+{
+	int rv;
+	int err = 0;
+
+	rv = unlink(what);
+	if (rv < 0) {
+		if (errno == EISDIR) {
+			/* It's a directory. */
+			err = nuke_dir(what);
+			if (!err)
+				err = rmdir(what) ? errno : err;
+		} else {
+			err = errno;
+		}
+	}
+
+	if (err) {
+		errno = err;
+		return err;
+	} else {
+		return 0;
+	}
+}
+
+const char *switch_root(const char *realroot, const char *console,
+		     const char *init, char **initargs)
+{
+	struct stat rst, cst;
+	struct statfs sfs;
+	int confd;
+
+	/* First, change to the new root directory */
+	if (chdir(realroot))
+		return "chdir to new root";
+
+	/* This is a potentially highly destructive program.  Take some
+	   extra precautions. */
+
+	/* Make sure the current directory is not on the same filesystem
+	   as the root directory */
+	if (stat("/", &rst) || stat(".", &cst))
+		return "stat";
+
+	if (rst.st_dev == cst.st_dev)
+		return "current directory on the same filesystem as the root";
+
+	/* Make sure we're on a ramfs */
+	if (statfs("/", &sfs))
+		return "statfs /";
+	if (sfs.f_type != RAMFS_MAGIC && sfs.f_type != TMPFS_MAGIC)
+		return "rootfs not a ramfs or tmpfs";
+
+	/* Okay, I think we should be safe... */
+
+	/* Delete rootfs contents */
+	if (nuke_dir("/"))
+		return "nuking initramfs contents";
+
+	/* Overmount the root */
+	if (mount(".", "/", NULL, MS_MOVE, NULL))
+		return "overmounting root";
+
+	/* chroot, chdir */
+	if (chroot(".") || chdir("/"))
+		return "chroot";
+
+	/* Open /dev/console */
+	if ((confd = open(console, O_RDWR)) < 0)
+		return "opening console";
+	dup2(confd, 0);
+	dup2(confd, 1);
+	dup2(confd, 2);
+	close(confd);
+
+	/* Spawn init */
+	execv(init, initargs);
+	return init;		/* Failed to spawn init */
+}
-- 
1.7.5.4



More information about the klibc mailing list