linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Andy Lutomirski <luto@amacapital.net>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Josh Triplett <josh@joshtriplett.org>,
	Rob Landley <rob@landley.net>,
	Frank Rowand <frowand.list@gmail.com>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	Chuck Ebbert <cebbert.lkml@gmail.com>,
	Randy Dunlap <rdunlap@infradead.org>,
	Shuah Khan <shuah.kh@samsung.com>
Subject: Re: [PATCH v5] init: Disable defaults if init= fails
Date: Mon, 20 Oct 2014 13:14:54 -0700	[thread overview]
Message-ID: <CALCETrVg_rFmSCSnyztRtvANQLd9k_G+bU8FiQB_5O5ecUd99w@mail.gmail.com> (raw)
In-Reply-To: <20141014140052.2f114c158ffe6cd953020f1c@linux-foundation.org>

On Tue, Oct 14, 2014 at 2:00 PM, Andrew Morton
<akpm@linux-foundation.org> wrote:
> On Wed, 1 Oct 2014 11:13:14 -0700 Andy Lutomirski <luto@amacapital.net> wrote:
>
>> On Wed, Oct 1, 2014 at 11:05 AM,  <josh@joshtriplett.org> wrote:
>> > On Tue, Sep 30, 2014 at 09:53:56PM -0700, Andy Lutomirski wrote:
>> >> I significantly prefer default N.  Scripts that play with init= really
>> >> don't want the fallback, and I can imagine contexts in which it could
>> >> be a security problem.
>> >
>> > While I certainly would prefer the non-fallback behavior for init as
>> > well, standard kernel practice has typically been to use "default y" for
>> > previously built-in features that become configurable.  And I'd
>> > certainly prefer a compile-time configuration option like this (even
>> > with default y) over a "strictinit" kernel command-line option.
>> >
>>
>> Fair enough.
>>
>> So: "default y" for a release or two, then switch the default?  Having
>> default y will annoy virtme, though it's not the end of the world.
>> Virtme is intended to work with more-or-less-normal kernels.
>>
>
> Adding another Kconfig option is tiresome.  What was wrong with strictinit=?

Now that this thread has gotten absurdly wrong, any thoughts?

My preference order is:

1. The patch as is.
2. The patch, minus the config option (i.e. making it unconditional).
3. Something else.

I would very much prefer to get *something* merged.  The current
behavior is problematic for scripted kernel boots that don't use
initramfs.

I can be flexible on the something else.  One option would be to allow
a whole list of commands in init=, but that has compatibility issues.
Another would be adding an option like init_fallback=/bin/sh.  A third
is the original strictinit mechanism.  I don't really like any of
them, because they're all more complex.

IOW, the no-fallback behavior is easy to implement, easy to
understand, and has extremely predictable behavior.  The fallback
behavior is more user friendly if you consider having a chance of
booting to something useful if you typo your init= option (but also a
chance of booting to something actively undesirable).

--Andy

-- 
Andy Lutomirski
AMA Capital Management, LLC

  parent reply	other threads:[~2014-10-20 20:15 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-09-29  2:40 [PATCH v5] init: Disable defaults if init= fails Andy Lutomirski
2014-09-30 12:12 ` Chuck Ebbert
2014-10-01  0:41 ` Frank Rowand
2014-10-01  0:58   ` Rob Landley
2014-10-01  1:52     ` Frank Rowand
2014-10-01  3:16       ` Rob Landley
2014-10-01  4:53         ` Andy Lutomirski
2014-10-01 18:05           ` josh
2014-10-01 18:13             ` Andy Lutomirski
2014-10-01 22:42               ` josh
2014-10-14 21:00               ` Andrew Morton
2014-10-14 21:21                 ` Andy Lutomirski
2014-10-15  5:46                   ` Frank Rowand
2014-10-15  5:56                     ` Andy Lutomirski
2014-10-15  6:37                       ` Frank Rowand
2014-10-15 15:18                 ` Rob Landley
2014-10-20 20:14                 ` Andy Lutomirski [this message]
2014-10-20 21:01                   ` Josh Triplett
2014-10-20 21:28                     ` Andrew Morton
2014-10-20 21:34                       ` Andy Lutomirski
2014-10-20 21:41                         ` Andrew Morton
2014-10-20 21:42                           ` Andy Lutomirski
2014-10-20 21:44                             ` Andrew Morton
2014-10-20 22:04                               ` [PATCH] init: Remove CONFIG_INIT_FALLBACK Andy Lutomirski
2014-10-20 22:06                                 ` josh
2014-10-21  3:45                                 ` Rob Landley
2014-10-21  4:02                                   ` Andy Lutomirski
2014-10-21  4:15                                     ` Rob Landley
2014-10-21  9:53                                 ` Geert Uytterhoeven
2014-10-21 10:05                                   ` Josh Triplett
2014-10-14  0:47 ` [PATCH v5] init: Disable defaults if init= fails Rusty Russell

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=CALCETrVg_rFmSCSnyztRtvANQLd9k_G+bU8FiQB_5O5ecUd99w@mail.gmail.com \
    --to=luto@amacapital.net \
    --cc=akpm@linux-foundation.org \
    --cc=cebbert.lkml@gmail.com \
    --cc=frowand.list@gmail.com \
    --cc=josh@joshtriplett.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=rdunlap@infradead.org \
    --cc=rob@landley.net \
    --cc=shuah.kh@samsung.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).