# filter only what is wanted by this script: aliases and options
modprobe_c_cache=$(modprobe -c | grep -E '^(alias|options)')
+ echo "$modprobe_c_cache"
}
# parse kernel cmdline
if ! grep -Fq selinuxfs /proc/filesystems; then
# no support in kernel, no chance
SELINUX=no
- elif ! is_fsmounted selinuxfs /selinux; then
- mount -n -o gid=17 -t selinuxfs selinuxfs /selinux
+ elif ! is_fsmounted selinuxfs $selinuxfsdir; then
+ mount -n -t selinuxfs selinuxfs $selinuxfsdir
fi
# Check SELinux status
is_yes "$AUTOSWAP" && enable_autoswap
}
-# Remove duplicate entries from mtab (for vserver guest use only)
-clean_vserver_mtab() {
- > /etc/mtab.clean
- while read device mountpoint line; do
- grep -qs "$mountpoint" /etc/mtab.clean || \
- echo "$device $mountpoint $line" >> /etc/mtab.clean
- done < /etc/mtab
- cat /etc/mtab.clean > /etc/mtab
- rm -f /etc/mtab.clean
-}
-
# Loads modules from /etc/modules, /etc/modules.X.Y and /etc/modules.X.Y.Z
load_kernel_modules() {
local modules_file=$1
RC_BOOTLOG=
fi
-if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+if [[ "$container" != lxc* ]]; then
# we need /proc mounted before everything
is_fsmounted proc /proc || mount -n /proc || mount -n -o gid=17,hidepid=2 -t proc /proc /proc
parse_cmdline
if [ -d /run ]; then
- is_fsmounted tmpfs /run || mount -n -t tmpfs run /run
+ is_fsmounted tmpfs /run || mount -n -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev
fi
# Early sysctls
# sysfs is also needed before any other things (under kernel > 2.5)
if ! is_fsmounted sysfs /sys; then
- grep -Fq sysfs /proc/filesystems && mount -n -o gid=17 -t sysfs sysfs /sys
+ grep -Fq sysfs /proc/filesystems && mount -n -t sysfs sysfs /sys
fi
if grep -Fq securityfs /proc/filesystems; then
- mount -n -o gid=17 -t securityfs securityfs /sys/kernel/security
+ mount -n -t securityfs securityfs /sys/kernel/security
+ fi
+ if [ -d /sys/firmware/efi ] && ! is_fsmounted efivarfs /sys/firmware/efi/efivars; then
+ mount -n -o rw -t efivarfs efivarfs /sys/firmware/efi/efivars
fi
- init_selinux
-
- # TLD Linux LiveCD support
- if [ -x /etc/rc.d/rc.live ]; then
- /etc/rc.d/rc.live
+ if [ -d /sys/fs/selinux ]; then
+ # Linux 3.0+
+ selinuxfsdir=/sys/fs/selinux
+ else
+ selinuxfsdir=/selinux
fi
+ init_selinux
# Choose Hardware profile
if ! is_no "$HWPROFILES" && [ -f /etc/sysconfig/hwprof ]; then
domainname ""
fi
-if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+if [[ "$container" != lxc* ]]; then
# Set console loglevel
if [ -n "$CONSOLE_LOGLEVEL" ]; then
dmesg -n $CONSOLE_LOGLEVEL
IN_INITLOG=""
fi
-if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+if [[ "$container" != lxc* ]]; then
# Clear mtab
> /etc/mtab
[ -f /etc/cryptomtab ] && > /etc/cryptomtab
mount -f -t devtmpfs devtmpfs /dev 2> /dev/null
fi
if is_fsmounted tmpfs /run; then
- mount -f -t tmpfs run /run 2> /dev/null
+ mount -f -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev 2> /dev/null
fi
if is_fsmounted usbfs /proc/bus/usb; then
if is_fsmounted securityfs /sys/kernel/security ; then
mount -f -t securityfs securityfs /sys/kernel/security 2> /dev/null
fi
+ if [ -d /sys/firmware/efi ] && is_fsmounted efivarfs /sys/firmware/efi/efivars ; then
+ mount -f -t efivarfs efivarfs /sys/firmware/efi/efivars 2> /dev/null
+ fi
fi
- if is_fsmounted selinuxfs /selinux; then
- mount -f -t selinuxfs selinuxfs /selinux 2> /dev/null
+ if is_fsmounted selinuxfs $selinuxfsdir; then
+ mount -f -t selinuxfs selinuxfs $selinuxfsdir 2> /dev/null
fi
if [ ! -f /proc/modules ]; then
killall -IO blogd
fi
- clean_vserver_mtab
fi
is_yes "$SELINUX" && [ -f /.autorelabel ] && relabel_selinux
test -d /var/run/netreport || mkdir -m 770 /var/run/netreport
-if ! is_yes "$VSERVER"; then
- enable_swap
+enable_swap
- # If a SCSI tape has been detected, load the st module unconditionally
- # since many SCSI tapes don't deal well with st being loaded and unloaded
- if [ -f /proc/scsi/scsi ] && grep -q 'Type: Sequential-Access' /proc/scsi/scsi 2>/dev/null ; then
- if grep -qv ' 9 st' /proc/devices 2>/dev/null; then
- if [ -n "$USEMODULES" ] ; then
- # Try to load the module. If it fails, ignore it...
- insmod -p st >/dev/null 2>&1 && modprobe -s st
- fi
+# If a SCSI tape has been detected, load the st module unconditionally
+# since many SCSI tapes don't deal well with st being loaded and unloaded
+if [ -f /proc/scsi/scsi ] && grep -q 'Type: Sequential-Access' /proc/scsi/scsi 2>/dev/null ; then
+ if grep -qv ' 9 st' /proc/devices 2>/dev/null; then
+ if [ -n "$USEMODULES" ] ; then
+ # Try to load the module. If it fails, ignore it...
+ insmod -p st >/dev/null 2>&1 && modprobe -s st
fi
fi
+fi
- # Now that we have all of our basic modules loaded and the kernel going,
- # let's dump the syslog ring somewhere so we can find it later
- mode=0600
- if [ "$(cat /proc/sys/kernel/dmesg_restrict)" = 0 ]; then
- mode=0644
- fi
- dmesg --raw > /var/log/dmesg
- chmod $mode /var/log/dmesg
- i=5
- while [ $i -ge 0 ]; do
- if [ -f /var/log/dmesg.$i ]; then
- mv -f /var/log/dmesg.$i /var/log/dmesg.$(($i+1))
- fi
- i=$(($i-1))
- done
- cp -pf /var/log/dmesg /var/log/dmesg.0
+# Now that we have all of our basic modules loaded and the kernel going,
+# let's dump the syslog ring somewhere so we can find it later
+mode=0600
+if [ "$(cat /proc/sys/kernel/dmesg_restrict)" = 0 ]; then
+ mode=0644
fi
+dmesg --raw > /var/log/dmesg
+chmod $mode /var/log/dmesg
+i=5
+while [ $i -ge 0 ]; do
+ if [ -f /var/log/dmesg.$i ]; then
+ mv -f /var/log/dmesg.$i /var/log/dmesg.$(($i+1))
+ fi
+ i=$(($i-1))
+done
+cp -pf /var/log/dmesg /var/log/dmesg.0
if ! is_no "$RC_PROMPT"; then
while :; do
fi
} &
-# /proc extra check if the background process we just spawned is still running,
-# as in case of vserver bootup it finishes quite instantly.
+# /proc extra check if the background process we just spawned is still running
+# as it may finish quite instantly.
if ! is_no "$RC_PROMPT" && [ -d /proc/$! ]; then
/sbin/getkey i && touch /var/run/confirm
touch /var/run/getkey_done
TLD / rc-scripts.git / blobdiff