101 lines
3.7 KiB
Diff
101 lines
3.7 KiB
Diff
From ff3953efe1aec2229273cd59e7d35a540de0e476 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Amadeusz=20=C5=BBo=C5=82nowski?= <aidecoe@aidecoe.name>
|
|
Date: Thu, 26 Jul 2012 16:44:09 +0200
|
|
Subject: [PATCH] ro_mnt - option at build time to force ro mount of / and
|
|
/usr
|
|
|
|
---
|
|
dracut.conf | 3 +++
|
|
dracut.conf.5.asc | 3 +++
|
|
dracut.sh | 6 +++++-
|
|
modules.d/99base/module-setup.sh | 3 +++
|
|
4 files changed, 14 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/dracut.conf b/dracut.conf
|
|
index f47d571..f912acc 100644
|
|
--- a/dracut.conf
|
|
+++ b/dracut.conf
|
|
@@ -43,6 +43,9 @@ lvmconf="yes"
|
|
# inhibit installation of any fsck tools
|
|
#nofscks="yes"
|
|
|
|
+# mount / and /usr read-only by default
|
|
+#ro_mnt="no"
|
|
+
|
|
# set the directory for temporary files
|
|
# default: /var/tmp
|
|
#tmpdir=/tmp
|
|
diff --git a/dracut.conf.5.asc b/dracut.conf.5.asc
|
|
index d17477d..89bbf61 100644
|
|
--- a/dracut.conf.5.asc
|
|
+++ b/dracut.conf.5.asc
|
|
@@ -97,6 +97,9 @@ If chrooted to another root other than the real root device, use --fstab and pro
|
|
*nofscks=*"__{yes|no}__"::
|
|
If specified, inhibit installation of any fsck tools.
|
|
|
|
+*ro_mnt*
|
|
+ Mount _/_ and _/usr_ read-only by default.
|
|
+
|
|
*kernel_only=*"__{yes|no}__"::
|
|
Only install kernel drivers and firmware files. (default=no)
|
|
|
|
diff --git a/dracut.sh b/dracut.sh
|
|
index d8b3354..eee829e 100755
|
|
--- a/dracut.sh
|
|
+++ b/dracut.sh
|
|
@@ -101,6 +101,7 @@ Creates initial ramdisk images for preloading modules
|
|
--nolvmconf Do not include local /etc/lvm/lvm.conf
|
|
--fscks [LIST] Add a space-separated list of fsck helpers.
|
|
--nofscks Inhibit installation of any fsck helpers.
|
|
+ --ro-mnt Mount / and /usr read-only by default.
|
|
-h, --help This message
|
|
--debug Output debug information of the build process
|
|
--profile Output profile information of the build process
|
|
@@ -261,6 +262,7 @@ TEMP=$(unset POSIXLY_CORRECT; getopt \
|
|
--long add-fstab: \
|
|
--long mount: \
|
|
--long nofscks: \
|
|
+ --long ro-mnt \
|
|
--long kmoddir: \
|
|
--long conf: \
|
|
--long confdir: \
|
|
@@ -326,6 +328,7 @@ while :; do
|
|
--add-fstab) push add_fstab_l "$2"; shift;;
|
|
--mount) push fstab_lines "$2"; shift;;
|
|
--nofscks) nofscks_l="yes";;
|
|
+ --ro-mnt) ro_mnt_l="yes";;
|
|
-k|--kmoddir) drivers_dir_l="$2"; shift;;
|
|
-c|--conf) conffile="$2"; shift;;
|
|
--confdir) confdir="$2"; shift;;
|
|
@@ -558,6 +561,7 @@ stdloglvl=$((stdloglvl + verbosity_mod_l))
|
|
[[ $compress_l ]] && compress=$compress_l
|
|
[[ $show_modules_l ]] && show_modules=$show_modules_l
|
|
[[ $nofscks_l ]] && nofscks="yes"
|
|
+[[ $ro_mnt_l ]] && ro_mnt="yes"
|
|
# eliminate IFS hackery when messing with fw_dir
|
|
fw_dir=${fw_dir//:/ }
|
|
|
|
@@ -779,7 +783,7 @@ fi
|
|
export initdir dracutbasedir dracutmodules drivers \
|
|
fw_dir drivers_dir debug no_kernel kernel_only \
|
|
add_drivers omit_drivers mdadmconf lvmconf filesystems \
|
|
- use_fstab fstab_lines libdirs fscks nofscks \
|
|
+ use_fstab fstab_lines libdirs fscks nofscks ro_mnt \
|
|
stdloglvl sysloglvl fileloglvl kmsgloglvl logfile \
|
|
debug host_fs_types host_devs sshkey add_fstab \
|
|
DRACUT_VERSION udevdir systemdutildir systemdsystemunitdir \
|
|
diff --git a/modules.d/99base/module-setup.sh b/modules.d/99base/module-setup.sh
|
|
index f20ca1a..dde1285 100755
|
|
--- a/modules.d/99base/module-setup.sh
|
|
+++ b/modules.d/99base/module-setup.sh
|
|
@@ -50,6 +50,9 @@ install() {
|
|
fi
|
|
|
|
ln -fs /proc/self/mounts "$initdir/etc/mtab"
|
|
+ if [[ $ro_mnt = yes ]]; then
|
|
+ echo ro >> "${initdir}/etc/cmdline.d/base.conf"
|
|
+ fi
|
|
|
|
if [ -e /etc/os-release ]; then
|
|
. /etc/os-release
|