You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
1.3 KiB
34 lines
1.3 KiB
14 years ago
|
This adds the following parameters:
|
||
|
|
rd.caps=1
|
||
|
|
turn the caps module on/off
|
||
|
|
rd.caps.initdrop=cap_sys_module,cap_sys_rawio
|
||
|
|
drop the specified comma seperated capabilities
|
||
|
|
rd.caps.disablemodules=1
|
||
|
|
turn off module loading
|
||
|
|
rd.caps.disablekexec=1
|
||
|
|
turn off the kexec functionality
|
||
|
|
|
||
|
|
If module loading is turned off, all modules have to be loaded in the
|
||
|
|
initramfs, which are used later on. This can be done with
|
||
|
|
"rd.driver.pre="
|
||
|
|
rd.driver.pre=autofs4,sunrpc,ipt_REJECT,nf_conntrack_ipv4,....
|
||
|
|
|
||
|
|
Because the kernel command line would get huge with all those drivers, I
|
||
|
|
recommend to make use of $initramfs/etc/cmdline.
|
||
|
|
|
||
|
|
So, all rd.caps.* and rd.driver.pre arguments are in caps.conf can be
|
||
|
|
copied to $initramfs/etc/cmdline with "-i caps.conf /etc/cmdline".
|
||
|
|
|
||
|
|
Also all modules have to be loaded in the initramfs via "--add-drivers".
|
||
|
|
|
||
|
|
The resulting initramfs creation would look like this:
|
||
|
|
|
||
|
|
--add-drivers "autofs4 sunrpc ipt_REJECT nf_conntrack_ipv4 \
|
||
|
|
nf_defrag_ipv4 iptable_filter ip_tables
|
||
|
|
ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack
|
||
|
|
ip6table_filter ip6_tables dm_mirror dm_region_hash dm_log uinput ppdev
|
||
|
|
parport_pc parport ipv6 sg 8139too 8139cp mii i2c_piix4 i2c_core ext3
|
||
|
|
jbd mbcache sd_mod crc_t10dif sr_mod cdrom ata_generic pata_acpi ata_piix
|
||
|
|
dm_mod" \
|
||
|
|
/boot/initramfs-caps.img
|