Dracut uses the module deps to determine module dependencies
but that only works for modules with hard symbolic dependencies.
Some modules have dependencies created via callback API's or other
methods which aren't reflected in the modules.dep but rather in
modules.softdep through the use of "pre:" and "post:" commands
created in the kernel with MODULE_SOFTDEP().
Since in dracut we are only concerned about early boot, this patch
only looks at the pre: section of modules which are already being
inserted in the initrd under the assumption that the pre: section
lists dependencies required for the functionality of the module being
installed in the initrd.
Signed-off-by: Jeremy Linton <lintonrjeremy@gmail.com>
kerneldirlen is used to modify absolute path returned by
kmod_module_get_path() while it is calculated on user-supplied
--kerneldir argument which can be a relative path.
Use kmod_get_dirname() to convert user-supplied path to the same format
as used by kmod_module_get_path().
This also allows to get rid of now useless strcmp checks that seem to
imply that /lib and /usr/lib are linked which is not always true.
Specifying a different kernel module directory with --kmoddir would
result in the same directory being the destination directory.
Strip everything before the "/lib/modules" for the destination dir.
https://github.com/dracutdevs/dracut/issues/194
Preserve extended attributes when copying files using dracut-install.
The copying of extended attributes avoids file execution denials when
the Linux Integrity Measurement's Appraisal mode is active. In that mode
executables need their file signatures copied. In particular, this patch
solves the problem that dependent libaries are not included in the
initramfs since the copied programs could not be executed due to missing
signatures. The following audit record shows the type of failure that
is now prevented:
type=INTEGRITY_DATA msg=audit(1477409025.492:30065): pid=922 uid=0
auid=4294967295 ses=4294967295
subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
op="appraise_data" cause="IMA-signature-required"
comm="ld-linux-x86-64"
name="/var/tmp/dracut.R6ySa4/initramfs/usr/bin/journalctl"
dev="dm-0" ino=37136 res=0
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
If a module is renamed or another module takes care of the old one,
all of the alias strings have to be checked against the current set of
loaded modules.
This is still incomplete, because to be absolutely correct, all the
/sys/*...*/modalias files would have to be checked, if they match the
modules alias strings.
loginstall specifies a directory, in which dracut-install records all
files, which were installed from the host system to the initramfs.
Use case is e.g. to create a list of packages to watch for updates, to
maybe trigger a recreation of the initramfs.
inst* functions and dracut-install now accept the "-H" flag, which
logs all installed files to /lib/dracut/hostonly-files. This is used
to remove those files, if rd.hostonly is given on the kernel command line.
dracut-install could not handle output like:
/lib/$LIB/liblsp.so => /lib/lib64/liblsp.so (0x00007faf00727000)
also unset LD_PRELOAD, so we get a clean environment
some HW has different flavors of basic libs
$ ldconfig -p|fgrep libc.so
libc.so.6 (libc6,64bit, hwcap: 0x0000001000000000, OS ABI: Linux 2.6.32) => /lib64/power6/libc.so.6
libc.so.6 (libc6,64bit, hwcap: 0x0000000000000200, OS ABI: Linux 2.6.32) => /lib64/power6x/libc.so.6
libc.so.6 (libc6,64bit, OS ABI: Linux 2.6.32) => /lib64/libc.so.6
because setting LD_HWCAP_MASK=0 does not work, we have to workaround
this.
$ LD_TRACE_LOADED_OBJECTS=1 LD_HWCAP_MASK=0 /lib64/ld64.so.1 /bin/sh | fgrep libc.so
libc.so.6 => /lib64/power6/libc.so.6 (0x000000804e260000)
Now we try to install the same library from one directory above the one
we installed also.
asprintf prints to an allocated string. When successful, the
functions return the number of bytes printed. If memory allocation
wasn't possible, or some other error occurs, the function will return
-1.
Don't check strp as a result of asprintf, it's content may be undefined.
man 3 asprintf
Operate in install_all and install_one consequently on EXIT_SUCCESS
and EXIT_FAILURE termination code macros as they are meant to be
returned from these functions.
In recent Fedora distro are all hmac files located in /lib
(to avoid multiarch conflict).
When installing hmac file, also install files from these locations.
Signed-off-by: Milan Broz <mbroz@redhat.com>
While such paths should not be included internally, we cannot
guarantee that external scripts with shebangs will not do this.
Some older versions of plymouth also resulted in double /'s
in some paths, so best deal with this gracefully.
If we are doing lazy dep solving and happen to process a script with a
shebang on e.g. /bin/bash before we encounter the actual binary itself
we effectively ignore the fact that we've been asked to resolve the deps
and put the item in the 'seen' hashmap. Thus when we later really do try
and resolve deps, we short circuit and don't do anything.
Example test case:
$ cd
$ mkdir -p foo/bin
$ cp /bin/bash foo/bin
$ echo '#!/bin/bash' >foo/bin/script
$ dracut-install -D $HOME/foo -R $HOME/foo/bin/script $HOME/foo/bin/bash
Harald Hoyer