[PATCH v4 0/3] initramfs: add support for xattrs in the initial ram disk
Rob Landley
rob at landley.net
Tue Jul 19 11:00:04 UTC 2022
On 7/18/22 11:49, Roberto Sassu wrote:
> Uhm, I guess this could be solved with:
>
> https://github.com/openeuler-mirror/kernel/commit/18a502f7e3b1de7b9ba0c70896ce08ee13d052da
>
> and adding initramtmpfs to the kernel command line.
It's initmpfs. You can argue about whether it should have two t's (I was
consistent naming it in the patch series adding it), but ramfs and tmpfs are two
different things and saying "initramtmpfs" is like saying "mount -t ext4btrfs".
> You are probably using ramfs, which does not have xattr support.
Do not specify root= in your kernel command line. If you specify root= you're
saying "switch off of initramfs to a different root filesystem", so it doesn't
make the overmounted filesystem tmpfs because you told it you wouldn't be using it.
(The decision of what to mount has to be made before it examines the cpio.gz
contents, so root= is used to signal "we are not keeping this initramfs" because
that's literally what root= means. Your root filesystem is not initramfs, it is
instead this thing to be mounted over initramfs.)
You can tell which you're using via /proc/mounts having a line:
rootfs / rootfs rw,size=121832k,nr_inodes=30458 0 0
If it's got the size= then it's tmpfs: ramfs basically doesn't have bounds
checking and "cat /dev/null > filename" on ramfs will lock your system solid due
to unpinnable memory exhaustion.
If you don't have a "rootfs" line at ALL then root= was used to overmount and
part of the gratuitously magic behavior of root= is it hides the rootfs line
from /proc/mounts even though the filesystem is actually still there, which is
not something it does for ANY OTHER OVERMOUNT:
$ mkdir sub
$ mount -t proc proc sub
$ mount -t ramfs sub sub
$ grep sub /proc/mounts
proc /sub proc rw,relatime 0 0
sub /sub ramfs rw,relatime 0 0
I've never understood why they added that gratuitous special case to hide how
the system actually works, but it's a land mine you have to be told about after
you've stepped on it in order to understand what's going on. Part of the reason
people think initramfs is so "magic" when PID 1 isn't, we don't HIDE the fact
that PID 1 is always there but we hide the fact initramfs is...
Rob
More information about the Linux-security-module-archive
mailing list