These parameters can now be specified multiple times:
-a|--add
--add-drivers
-m|--modules
-o|--omit
-d|--drivers
--filesystems
-I|--install
--fwdir
-i|--include
This adds the following parameters:
rd.caps=1
turn the caps module on/off
rd.caps.initdrop=cap_sys_module,cap_sys_rawio
drop the specified comma seperated capabilities
rd.caps.disablemodules=1
turn off module loading
rd.caps.disablekexec=1
turn off the kexec functionality
If module loading is turned off, all modules have to be loaded in the
initramfs, which are used later on. This can be done with
"rd.driver.pre="
rd.driver.pre=autofs4,sunrpc,ipt_REJECT,nf_conntrack_ipv4,....
Because the kernel command line would get huge with all those drivers, I
recommend to make use of $initramfs/etc/cmdline.
So, all rd.caps.* and rd.driver.pre arguments are in caps.conf can be
copied to $initramfs/etc/cmdline with "-i caps.conf /etc/cmdline".
Also all modules have to be loaded in the initramfs via "--add-drivers".
The resulting initramfs creation would look like this:
--add-drivers "autofs4 sunrpc ipt_REJECT nf_conntrack_ipv4 \
nf_defrag_ipv4 iptable_filter ip_tables
ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack
ip6table_filter ip6_tables dm_mirror dm_region_hash dm_log uinput ppdev
parport_pc parport ipv6 sg 8139too 8139cp mii i2c_piix4 i2c_core ext3
jbd mbcache sd_mod crc_t10dif sr_mod cdrom ata_generic pata_acpi ata_piix
dm_mod" \
/boot/initramfs-caps.img
We want all "/var/run" information to live in /dev/.run, until the real
root is mounted.
Therefore we mount a tmpfs on /dev/.run, which can/will be bind/move mounted
on /var/run later on.
This allows creation of initramfs images which contain a Live system.
The primary use for this is keeping very large initramfs-based systems
(e.g. anaconda, the Fedora installer) compressed in-memory, by using a
compressed filesystem image like squashfs or btrfs.
dmsquash-live-genrules.sh will initqueue dmsquash-live-root itself
(rather than making udev rules) if the given live "device" is actually
an existing, plain file.
parse-dmsquash-live.sh will only accept paths that end in ".img".
dmsquash-live-root will only handle images named "*squashfs.img",
"*ext3fs.img", or "*btrfs.img".
btrfsctl is being replaced by the btrfs command in the upstream
tools, so change accordingly. Also, if we're using the btrfs module
we should probably make sure the btrfs driver gets installed.
inst_dir used the following to try to resolve a relative path:
[[ $target = ${target##*/} ]] && target="${file%/*}/$target"
inst_dir $target
This will only match if $target has no slashes, so something like
/usr/bin -> ../sbin would result in: inst_dir ../sbin, or
/usr/share -> local/share would result in: inst_dir local/share
which is not going to do the right thing.
Instead, we resolve any non-absolute link, like so:
[[ $target == ${target#/} ]] && target=$(dirname "$file")/$target
Thus /usr/bin -> ../sbin results in: inst_dir /usr/../sbin, and
/usr/share -> local/share results in: inst_dir /usr/local/share
which is what you would expect.
Some versions of dash don't behave as expected with code like this:
while IFS=: read a b c; do
blah
done
Thanks to Eric Mertens who identified the issue.
The FIPS installkernel() relies on the instmods() return value. So only
return 0, if the module and its dependencies were actually installed
correctly.
Commit 172d85b9c9 caused following error:
./dracut-functions: line 307: cd: /tmp/initramfs.mP7cPY/tmp/initramfs.mP7cPY/lib64: No such file or directory
Patch removes beginning $initdir for symlink case.
Harald Hoyer