From: Rene Mayrhofer <rene.mayrhofer@gibraltar.at>
To: Alan Cox <alan@lxorguk.ukuu.org.uk>
Cc: Jason Baron <jbaron@redhat.com>,
vda@port.imtp.ilyichevsk.odessa.ua,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>
Subject: Re: pivot_root seems to be broken in 2.4.21-ac4
Date: Tue, 22 Jul 2003 22:37:51 +0200 [thread overview]
Message-ID: <3F1DA09F.4020503@gibraltar.at> (raw)
In-Reply-To: <1058904025.4160.30.camel@dhcp22.swansea.linux.org.uk>
[-- Attachment #1: Type: text/plain, Size: 974 bytes --]
Hi Alan,
Alan Cox wrote:
> 2.4.22pre7 has the unshare_files fix - its a security fix.
>
> It should not have changed the behaviour so I'm very interested to
> know if that specific patch set changes the behaviour and precisely
> what your code is doing
I have now compiled vanilla 2.4.21 with the same configuration (but
without the netfilter patch-o-matic patches, which shouldn't matter) -
it works. But now I'm again stuck without the CLE266 module. Attached is
the script that does the actual root fs switch (it is called from init
after the daemons have been stopped, i.e. during runlevel change). I
hope I haven't done anything too stupid in this script, embarassing
myself with this post to LKML... ;)
If you want, I could send you a diff of the two trees (between my
patched 2.4.21 and 2.4.21-ac4 trees). But it will mostly be just your
own -ac4 patch, with preempt and patch-o-matic stuff applied.
Would it help if I tried it with 2.4.22pre7 ?
- Rene
[-- Attachment #2: switch-to-cramfs --]
[-- Type: text/plain, Size: 2971 bytes --]
#!/bin/sh
# Switch from harddisk to RAM mode.
#
# Rene Mayrhofer, 2003
. /etc/cramdisk.conf
mntpoint=/cramfs
if [ -e /on-cramfs ]; then
echo "Already running on CRAMFS."
exit 1
fi
if grep -q "$mntpoint" /proc/mounts; then
umount $mntpoint/mnt 2>/dev/null
umount $mntpoint/var 2>/dev/null
umount $mntpoint/data 2>/dev/null
umount $mntpoint/dev 2>/dev/null
umount $mntpoint/proc 2>/dev/null
umount $mntpoint
fi
echo "Building CRAMFS image"
#/usr/local/sbin/createramfs.sh
echo "Mounting CRAMFS image"
# this is stupid - why do we have to do it twice before it works ??
dd if=/boot/cramfs.img of=/dev/rd/0 2>/dev/null
mount -t cramfs /dev/rd/0 $mntpoint
dd if=/boot/cramfs.img of=/dev/rd/0 2>/dev/null
mount -t cramfs /dev/rd/0 $mntpoint
cd $mntpoint
echo "Mounting needed kernel filesystems"
mount -nt proc none proc/
mount -nt devfs none dev/
echo "Changing root to CRAMFS"
/sbin/pivot_root . mnt <dev/console >dev/console 2>&1
echo "Creating RAM disk for var/"
mount -nt tmpfs -o size=300M none var/
echo "Creating directories for var"
for d in $CREATE_VAR_DIRS; do
mkdir -p var/$d
done
echo "Copying directories to var/"
for d in $COPY_VAR_DIRS; do
mkdir -p var/$d
cp -dp mnt/var/$d/* var/$d/ 2> /dev/null
done
echo "Linking directories for var"
for d in $LINK_VAR_DIRS; do
ln -s /var-static/$d var/`dirname $d`
done
echo "Re-executing init"
/usr/sbin/chroot . /sbin/telinit u <dev/console >/dev/console 2>&1
echo "Killing all processes that still have stuff open on /mnt"
/usr/bin/killall getty
/usr/sbin/lsof -n | grep "/mnt" |
while read name pid user fd type device size node name; do
# don't kill ourselves or the currently running rc script ....
if [ -d /proc/$pid ] &&
! cat /proc/$pid/cmdline | grep -q "switch-to-cramfs" &&
! cat /proc/$pid/cmdline | grep -q "/etc/init.d/rc"; then
/bin/kill -9 $pid
fi
done
echo "Mounting data directory read-only"
if grep -q "/mnt/data" /proc/mounts; then
umount -n /mnt/data
fi
mount -nt ext2 -o ro /dev/discs/disc0/part3 /data
echo -n "Postponing unmount of filesystems until runlevel switch has completed"
/usr/sbin/chroot . /bin/bash -c '
# the grep -v is because the processlist contains this command itself...
while ps ax | grep -v "\"/etc/init.d/rc\"" | grep -q "/etc/init.d/rc"; do
sleep 1s
done
echo "Unmounting old filesystems"
if grep -q "/mnt/dev" /proc/mounts; then
umount -n /mnt/dev
fi
if grep -q "/mnt/proc/bus/usb" /proc/mounts; then
umount -n /mnt/proc/bus/usb
fi
if grep -q "/mnt/proc" /proc/mounts; then
umount -n /mnt/proc
fi
if grep -q "/mnt/mnt/cdrom" /proc/mounts; then
umount -n /mnt/mnt/cdrom
fi
if grep -q "/mnt/mnt/usb" /proc/mounts; then
umount -n /mnt/mnt/usb
fi
if grep -q "/mnt/data" /proc/mounts; then
umount -n /mnt/data
fi
if umount /mnt; then
/sbin/hdparm -y /dev/hda
fi' < /dev/null > /dev/null 2> /dev/null &
echo "."
exit 0
next prev parent reply other threads:[~2003-07-22 20:20 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-07-21 20:53 pivot_root seems to be broken in 2.4.21-ac4 Rene Mayrhofer
2003-07-22 6:24 ` Denis Vlasenko
2003-07-22 6:50 ` Rene Mayrhofer
2003-07-22 17:37 ` Jason Baron
2003-07-22 17:40 ` Alan Cox
2003-07-22 18:03 ` Rene Mayrhofer
2003-07-22 20:00 ` Alan Cox
2003-07-22 20:37 ` Rene Mayrhofer [this message]
2003-07-22 21:54 ` Alan Cox
2003-07-23 6:23 ` pivot_root seems to be broken in 2.4.21-ac4 and 2.4.22-pre7 Rene Mayrhofer
2003-07-22 22:14 ` pivot_root seems to be broken in 2.4.21-ac4 Mika Penttilä
2003-07-22 23:38 ` Alan Cox
2003-07-23 6:30 ` pivot_root seems to be broken in 2.4.21-ac4 and 2.4.22-pre7 Rene Mayrhofer
2003-07-24 2:24 ` Jason Baron
2003-07-24 7:11 ` Rene Mayrhofer
2003-07-22 18:25 ` pivot_root seems to be broken in 2.4.21-ac4 Mika Penttilä
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3F1DA09F.4020503@gibraltar.at \
--to=rene.mayrhofer@gibraltar.at \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=jbaron@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=vda@port.imtp.ilyichevsk.odessa.ua \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.