Re: [PATCH v2] initramfs: Support unpacking directly to tmpfs

From: Askar Safin <safinaskar@gmail.com>
To: emily@redcoat.dev
Cc: initramfs@vger.kernel.org, rob@landley.net
Subject: Re: [PATCH v2] initramfs: Support unpacking directly to tmpfs
Date: Tue, 19 Dec 2023 22:22:43 +0300	[thread overview]
Message-ID: <CAPnZJGAqrj4f+63-cwOpTk+bL2mzpmThSthmGGmfQTTbxT+Taw@mail.gmail.com> (raw)

Hi, Emily.

I propose this solution: in very beginning of your initramfs's init do
equivalent of this:

mkdir root
mount --bind / root
cd root
mount --move . /
chroot .

And then everything else.

This will create second mount of initramfs. Everything will look same,
but pivot_root will work.

Also, you can do this: create file named, say, "preinit" and put it to
initramfs. Write to this file code above and put to the end of the
file "exec /init". Of course, "preinit" could be written in shell or C
or any other language. Add "rdinit=/preinit" to kernel command line.
This will execute preinit at first, preinit will duplicate initramfs
mount and then execute actual initramfs's init.

I didn't test this, but I'm nearly sure it will work. If you want, I
can test this.

Also you can put "rdinit=/preinit" to CONFIG_CMDLINE. As well as I
understand, CONFIG_CMDLINE will be merged with command line provided
by bootloader, but I'm not sure. Also you can link small initramfs
with /preinit to kernel image. Again, as well as I understand it will
be merged with initramfs provided by bootloader. Thus, kernel with
CONFIG_CMDLINE and with linked in initramfs with /preinit will behave
very similarly to kernel with your patch. Of course, initial mount
will not be empty, but I think this is a minor point.

Of course, instead of that "mount --bind" trick you can do the same
with "cp + rm" solution.

Also, I remember I saw patch similar to yours in Linux mailing lists.
It was rejected, too. If you want I can try to find it.

I suggest solution described above. But let me also provide some
alternative solutions. You can implement patch similar to yours, but
which will work unconditionally, always. This will solve the problem
once and for all. Ideally initial mount will be nullfs as suggested by
Rob. I. e. file system, which has no state at all. To make sure
containers cannot exchange data. I think such filesystem is easy to
create. All operations will be no-ops. Look at "fs" directory in
kernel tree and write something similar.

Another way is to make pivot_root work with initial mount. I think
this will be hard.

Note that Rob Landley is absent from MAINTAINERS file (
https://elixir.bootlin.com/linux/latest/source/MAINTAINERS ), so he
doesn't decide whether a patch will be accepted. (I doesn't decide,
too. I'm not a kernel developer, I just occasionally found this thread
and decided to answer.)

If you ever want to start new discussion or sent new patch, then,
please, sent it to LKML, not to initramfs@vger.kernel.org . As you can
see here: https://lore.kernel.org/initramfs/ , new discussions are
started nearly once a month at initramfs@vger.kernel.org , so I think
very few people will see your message.

Ask me any questions.

-- 
Askar Safin