X-Git-Url: https://git.tld-linux.org/?a=blobdiff_plain;f=rc.d%2Frc.sysinit;h=826b4353e72ef385691a6bbb916aee4906069e08;hb=HEAD;hp=c7375feae9db3825c00e10ba8164df82b905a06e;hpb=94ec8ca43d5c1ce5d50a36ca4f3d63eb9b28a58c;p=rc-scripts.git
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index c7375fe..750e16a 100755
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -47,6 +47,7 @@ modprobe_c() {
 # filter only what is wanted by this script: aliases and options
 modprobe_c_cache=$(modprobe -c | grep -E '^(alias|options)')
+ echo "$modprobe_c_cache"
 }
 # parse kernel cmdline
@@ -123,8 +124,8 @@ init_selinux() {
 if ! grep -Fq selinuxfs /proc/filesystems; then
 # no support in kernel, no chance
 SELINUX=no
- elif ! is_fsmounted selinuxfs /selinux; then
- mount -n -o gid=17 -t selinuxfs selinuxfs /selinux
+ elif ! is_fsmounted selinuxfs $selinuxfsdir; then
+ mount -n -t selinuxfs selinuxfs $selinuxfsdir
 fi
 # Check SELinux status
@@ -197,17 +198,6 @@ enable_swap() {
 is_yes "$AUTOSWAP" && enable_autoswap
 }
-# Remove duplicate entries from mtab (for vserver guest use only)
-clean_vserver_mtab() {
- > /etc/mtab.clean
- while read device mountpoint line; do
- grep -qs "$mountpoint" /etc/mtab.clean || \
- echo "$device $mountpoint $line" >> /etc/mtab.clean
- done < /etc/mtab
- cat /etc/mtab.clean > /etc/mtab
- rm -f /etc/mtab.clean
-}
-
 # Loads modules from /etc/modules, /etc/modules.X.Y and /etc/modules.X.Y.Z
 load_kernel_modules() {
 local modules_file=$1
@@ -365,14 +355,14 @@ else
 RC_BOOTLOG=
 fi
-if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+if [[ "$container" != lxc* ]]; then
 # we need /proc mounted before everything
 is_fsmounted proc /proc || mount -n /proc || mount -n -o gid=17,hidepid=2 -t proc /proc /proc
 parse_cmdline
 if [ -d /run ]; then
- is_fsmounted tmpfs /run || mount -n -t tmpfs run /run
+ is_fsmounted tmpfs /run || mount -n -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev
 fi
 # Early sysctls
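Review bot: In the `init_selinux()` hunk (@@ -123), `$selinuxfsdir` is expanded unquoted, and it is a global that this commit appears to assign only in the top-level non-lxc block of the @@ -380 hunk, so the function now depends on call order. If it is ever reached with the variable empty, `is_fsmounted selinuxfs` is called one argument short and `mount -n -t selinuxfs selinuxfs` gets no mount point, so selinuxfs stays unmounted; how the status check after the hunk reacts is not visible here. I would quote it and fall back to the old path: `elif ! is_fsmounted selinuxfs "${selinuxfsdir:-/selinux}"; then` and `mount -n -t selinuxfs selinuxfs "${selinuxfsdir:-/selinux}"`. The same applies to the two `$selinuxfsdir` lines in the @@ -655 hunk, and the body of `init_selinux()` continues outside this hunk.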
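Review bot: The new `/run` option string `mode=0755,noexec,nosuid,nodev` in the @@ -365 hunk is repeated literally on the `mount -f` line of the @@ -643 hunk, with nothing tying the two together. The `mount -f` call only records the mount in /etc/mtab, so if the strings drift the table will report flags that are not the ones in force, and that table is what an audit of mount options reads. Consider defining it once, e.g. `run_mount_opts=mode=0755,noexec,nosuid,nodev`, and passing `-o "$run_mount_opts"` in both places. A `size=` cap is also worth considering, since tmpfs otherwise falls back to its default limit. The enclosing `if [[ "$container" != lxc* ]]` block extends beyond the hunk.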
@@ -380,18 +370,22 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
 # sysfs is also needed before any other things (under kernel > 2.5)
 if ! is_fsmounted sysfs /sys; then
- grep -Fq sysfs /proc/filesystems && mount -n -o gid=17 -t sysfs sysfs /sys
+ grep -Fq sysfs /proc/filesystems && mount -n -t sysfs sysfs /sys
 fi
 if grep -Fq securityfs /proc/filesystems; then
- mount -n -o gid=17 -t securityfs securityfs /sys/kernel/security
+ mount -n -t securityfs securityfs /sys/kernel/security
+ fi
+ if [ -d /sys/firmware/efi ] && ! is_fsmounted efivarfs /sys/firmware/efi/efivars; then
+ mount -n -o rw -t efivarfs efivarfs /sys/firmware/efi/efivars
 fi
- init_selinux
-
- # TLD Linux LiveCD support
- if [ -x /etc/rc.d/rc.live ]; then
- /etc/rc.d/rc.live
+ if [ -d /sys/fs/selinux ]; then
+ # Linux 3.0+
+ selinuxfsdir=/sys/fs/selinux
+ else
+ selinuxfsdir=/selinux
 fi
+ init_selinux
 # Choose Hardware profile
 if ! is_no "$HWPROFILES" && [ -f /etc/sysconfig/hwprof ]; then
@@ -439,7 +433,7 @@ else
 domainname ""
 fi
-if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+if [[ "$container" != lxc* ]]; then
 # Set console loglevel
 if [ -n "$CONSOLE_LOGLEVEL" ]; then
 dmesg -n $CONSOLE_LOGLEVEL
@@ -631,7 +625,7 @@ if [ -n "$IN_INITLOG" ]; then
 IN_INITLOG=""
 fi
-if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
+if [[ "$container" != lxc* ]]; then
 # Clear mtab
 > /etc/mtab
 [ -f /etc/cryptomtab ] && > /etc/cryptomtab
@@ -643,7 +637,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
 mount -f -t devtmpfs devtmpfs /dev 2> /dev/null
 fi
 if is_fsmounted tmpfs /run; then
- mount -f -t tmpfs run /run 2> /dev/null
+ mount -f -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev 2> /dev/null
 fi
 if is_fsmounted usbfs /proc/bus/usb; then
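Review bot: The efivarfs mount added in the @@ -380 hunk uses `-o rw` with no other restriction, which leaves UEFI variables writable through the filesystem for the whole uptime. Those files are firmware state, so a stray recursive delete or a compromised root process can change boot entries and other variables, and the kernel's immutable attribute does not cover all of them. I would mount it as `mount -n -o nosuid,nodev,noexec -t efivarfs efivarfs /sys/firmware/efi/efivars`. If nothing during boot needs to write variables, it could be mounted read-only and remounted rw only by the tools that need it. The `mount -f` line added for efivarfs in the @@ -655 hunk should carry the same options so that mtab matches what is actually mounted.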
@@ -655,10 +649,13 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
 if is_fsmounted securityfs /sys/kernel/security ; then
 mount -f -t securityfs securityfs /sys/kernel/security 2> /dev/null
 fi
+ if [ -d /sys/firmware/efi ] && is_fsmounted efivarfs /sys/firmware/efi/efivars ; then
+ mount -f -t efivarfs efivarfs /sys/firmware/efi/efivars 2> /dev/null
+ fi
 fi
- if is_fsmounted selinuxfs /selinux; then
- mount -f -t selinuxfs selinuxfs /selinux 2> /dev/null
+ if is_fsmounted selinuxfs $selinuxfsdir; then
+ mount -f -t selinuxfs selinuxfs $selinuxfsdir 2> /dev/null
 fi
 if [ ! -f /proc/modules ]; then
@@ -929,7 +926,6 @@ else
 killall -IO blogd
 fi
- clean_vserver_mtab
 fi
 is_yes "$SELINUX" && [ -f /.autorelabel ] && relabel_selinux
@@ -988,37 +984,35 @@ is_yes "$SELINUX" && restorecon /tmp/.ICE-unix >/dev/null 2>&1
 test -d /var/run/netreport || mkdir -m 770 /var/run/netreport
-if ! is_yes "$VSERVER"; then
- enable_swap
+enable_swap
- # If a SCSI tape has been detected, load the st module unconditionally
- # since many SCSI tapes don't deal well with st being loaded and unloaded
- if [ -f /proc/scsi/scsi ] && grep -q 'Type: Sequential-Access' /proc/scsi/scsi 2>/dev/null ; then
- if grep -qv ' 9 st' /proc/devices 2>/dev/null; then
- if [ -n "$USEMODULES" ] ; then
- # Try to load the module. If it fails, ignore it...
- insmod -p st >/dev/null 2>&1 && modprobe -s st
- fi
+# If a SCSI tape has been detected, load the st module unconditionally
+# since many SCSI tapes don't deal well with st being loaded and unloaded
+if [ -f /proc/scsi/scsi ] && grep -q 'Type: Sequential-Access' /proc/scsi/scsi 2>/dev/null ; then
+ if grep -qv ' 9 st' /proc/devices 2>/dev/null; then
+ if [ -n "$USEMODULES" ] ; then
+ # Try to load the module. If it fails, ignore it...
+ insmod -p st >/dev/null 2>&1 && modprobe -s st
 fi
 fi
+fi
- # Now that we have all of our basic modules loaded and the kernel going,
- # let's dump the syslog ring somewhere so we can find it later
- mode=0600
- if [ "$(cat /proc/sys/kernel/dmesg_restrict)" = 0 ]; then
- mode=0644
- fi
- dmesg --raw > /var/log/dmesg
- chmod $mode /var/log/dmesg
- i=5
- while [ $i -ge 0 ]; do
- if [ -f /var/log/dmesg.$i ]; then
- mv -f /var/log/dmesg.$i /var/log/dmesg.$(($i+1))
- fi
- i=$(($i-1))
- done
- cp -pf /var/log/dmesg /var/log/dmesg.0
+# Now that we have all of our basic modules loaded and the kernel going,
+# let's dump the syslog ring somewhere so we can find it later
+mode=0600
+if [ "$(cat /proc/sys/kernel/dmesg_restrict)" = 0 ]; then
+ mode=0644
 fi
+dmesg --raw > /var/log/dmesg
+chmod $mode /var/log/dmesg
+i=5
+while [ $i -ge 0 ]; do
+ if [ -f /var/log/dmesg.$i ]; then
+ mv -f /var/log/dmesg.$i /var/log/dmesg.$(($i+1))
+ fi
+ i=$(($i-1))
+done
+cp -pf /var/log/dmesg /var/log/dmesg.0
 if ! is_no "$RC_PROMPT"; then
 while :; do
@@ -1030,8 +1024,8 @@ if ! is_no "$RC_PROMPT"; then
 fi
 } &
-# /proc extra check if the background process we just spawned is still running,
-# as in case of vserver bootup it finishes quite instantly.
+# /proc extra check if the background process we just spawned is still running
+# as it may finish quite instantly.
 if ! is_no "$RC_PROMPT" && [ -d /proc/$! ]; then
 /sbin/getkey i && touch /var/run/confirm
 touch /var/run/getkey_done
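Review bot: In the dmesg block that the @@ -988 hunk moves to top level, `dmesg --raw > /var/log/dmesg` creates or truncates the file before `chmod $mode` runs. With `dmesg_restrict` set, the kernel log therefore briefly sits under whatever mode the umask or the previous boot left on the file. The window is small this early in boot, but fixing the mode before the data is written closes it: `: > /var/log/dmesg`, then `chmod "$mode" /var/log/dmesg`, then `dmesg --raw >> /var/log/dmesg`. Quoting `"$mode"` and `"$i"` in the rotation loop would also match the quoting used on `"$(cat /proc/sys/kernel/dmesg_restrict)"` a few lines above.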