linux-security-module.vger.kernel.org archive mirror
From: Rob Landley <rob@landley.net>
To: Roberto Sassu <roberto.sassu@huawei.com>,
	Jim Baxter <jim_baxter@mentor.com>,
	Eugeniu Rosca <erosca@de.adit-jv.com>
Cc: "hpa@zytor.com" <hpa@zytor.com>,
	Masahiro Yamada <masahiroy@kernel.org>,
	Arvind Sankar <nivedita@alum.mit.edu>,
	Mimi Zohar <zohar@linux.ibm.com>,
	"viro@zeniv.linux.org.uk" <viro@zeniv.linux.org.uk>,
	"linux-security-module@vger.kernel.org" 
	<linux-security-module@vger.kernel.org>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"initramfs@vger.kernel.org" <initramfs@vger.kernel.org>,
	"linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	"bug-cpio@gnu.org" <bug-cpio@gnu.org>,
	"zohar@linux.vnet.ibm.com" <zohar@linux.vnet.ibm.com>,
	Silviu Vlasceanu <Silviu.Vlasceanu@huawei.com>,
	Dmitry Kasatkin <dmitry.kasatkin@huawei.com>,
	"takondra@cisco.com" <takondra@cisco.com>,
	"kamensky@cisco.com" <kamensky@cisco.com>,
	"arnd@arndb.de" <arnd@arndb.de>,
	"james.w.mcmechan@gmail.com" <james.w.mcmechan@gmail.com>,
	"linux-kbuild@vger.kernel.org" <linux-kbuild@vger.kernel.org>,
	Dirk Behme <dirk.behme@de.bosch.com>,
	Eugeniu Rosca <roscaeugeniu@gmail.com>
Subject: Re: [PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Date: Tue, 19 Jul 2022 06:00:04 -0500
Message-ID: <99ae4aa6-b55a-55a9-e836-b0b483a358d6@landley.net>
In-Reply-To: <f82d4961986547b28b6de066219ad08b@huawei.com>

On 7/18/22 11:49, Roberto Sassu wrote:
> Uhm, I guess this could be solved with:
> 
> https://github.com/openeuler-mirror/kernel/commit/18a502f7e3b1de7b9ba0c70896ce08ee13d052da
> 
> and adding initramtmpfs to the kernel command line.

It's initmpfs. You can argue about whether it should have two t's (I was
consistent naming it in the patch series adding it), but ramfs and tmpfs are two
different things and saying "initramtmpfs" is like saying "mount -t ext4btrfs".

> You are probably using ramfs, which does not have xattr support.

Do not specify root= in your kernel command line. If you specify root= you're
saying "switch off of initramfs to a different root filesystem", so it doesn't
make the overmounted filesystem tmpfs because you told it you wouldn't be using it.

(The decision of what to mount has to be made before it examines the cpio.gz
contents, so root= is used to signal "we are not keeping this initramfs" because
that's literally what root= means. Your root filesystem is not initramfs, it is
instead this thing to be mounted over initramfs.)

You can tell which you're using via /proc/mounts having a line:

rootfs / rootfs rw,size=121832k,nr_inodes=30458 0 0

If it's got the size= then it's tmpfs: ramfs basically doesn't have bounds
checking and "cat /dev/null > filename" on ramfs will lock your system solid due
to unpinnable memory exhaustion.

If you don't have a "rootfs" line at ALL then root= was used to overmount and
part of the gratuitously magic behavior of root= is it hides the rootfs line
from /proc/mounts even though the filesystem is actually still there, which is
not something it does for ANY OTHER OVERMOUNT:

  $ mkdir sub
  $ mount -t proc proc sub
  $ mount -t ramfs sub sub
  $ grep sub /proc/mounts
  proc /sub proc rw,relatime 0 0
  sub /sub ramfs rw,relatime 0 0

I've never understood why they added that gratuitous special case to hide how
the system actually works, but it's a land mine you have to be told about after
you've stepped on it in order to understand what's going on. Part of the reason
people think initramfs is so "magic" when PID 1 isn't, we don't HIDE the fact
that PID 1 is always there but we hide the fact initramfs is...

Rob
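
The /proc/mounts check described in the message above, as an added example that is not part of the original post or of any kernel tooling. The function name classify_rootfs and its three output tokens are assumptions made for illustration; the mounts table is read from stdin so that saved or constructed tables can be checked as well.

```shell
#!/bin/sh
# classify_rootfs: read a mounts table (the /proc/mounts format) on stdin
# and print one token describing the initial root filesystem:
#   tmpfs  - a "rootfs" line exists and carries size= (bounded, initmpfs)
#   ramfs  - a "rootfs" line exists without size= (unbounded; the quoted
#            text above notes ramfs has no xattr support)
#   hidden - no "rootfs" line at all: root= was used and the initramfs
#            was overmounted and hidden from the table
# The name and tokens are hypothetical, chosen for this example.
classify_rootfs() {
    # Fields: device mountpoint fstype options dump pass
    awk '
        $2 == "/" && $3 == "rootfs" {
            found = 1
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^size=/)
                    bounded = 1
        }
        END {
            if (!found)
                print "hidden"
            else if (bounded)
                print "tmpfs"
            else
                print "ramfs"
        }
    '
}

# On a live Linux system, classify the running kernel's table.
if [ -r /proc/mounts ]; then
    classify_rootfs < /proc/mounts
fi
```

A provisioning or boot-time check that expects xattr-labelled files in the initramfs can fail early when this prints anything other than tmpfs.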
