Thanks all for the suggestions.
I want to clarify the requirement here. The purpose of kernel hardening
here is not code optimization, but security reasons.
The main purpose is to disable / minimize all trace log information on the
console through any source. Tracing or logging will be disabled for
security reasons to make it difficult for hacking.


Best regards,
Purushotham.



On Wed, Jul 29, 2015 at 7:23 PM, Xabier Oneca -- xOneca <[email protected]>
wrote:

> Hello Purushotham,
>
> 2015-07-29 15:19 GMT+02:00 purushi1 . <[email protected]>:
> > Hi Xabier Oneca,
> >
> > Thanks for the explanation, I understand it better now.
> > Our current implementation is based on CONFIG_INIT flag. We are using init
> > script /etc/init.d/rcS which is launched by /etc/inittab.
> > Also we have already disabled BASH shell in our hardened kernel.
> >
> > So preferable fix for us would be to somehow disable CONFIG_FEATURE_SYSLOG,
> > while keeping CONFIG_INIT enabled. Is this possible?
> > Else please suggest what would be a better alternative?
>
> Well, you cannot enable CONFIG_INIT because it (currently) depends on
> CONFIG_FEATURE_SYSLOG.
>
> But if you don't have any other init system and you don't want Busybox's
> (because of Syslog), then you can always write your own init script
> (init doesn't have to be an ELF binary) which parses/ignores inittab
> and then runs /etc/init.d/rcS.
>
> > thanks a lot for your support.
> > Best regards,
> > Purushotham
> >
> >
> > On Wed, Jul 29, 2015 at 6:05 PM, Xabier Oneca -- xOneca <[email protected]>
> > wrote:
> >>
> >> Hi Purushotham,
> >>
> >> 2015-07-29 8:28 GMT+02:00 purushi1 . <[email protected]>:
> >> > Hi Bartosz Golaszewski,
> >> >
> >> > If I disable CONFIG_INIT flag in busybox configuration, then kernel bootup
> >> > fails.
> >> > I get the following message :
> >> >
> >> > "Kernel panic - not syncing: No init found.  Try passing init= option to
> >> > kernel. See Linux Documentation/init.txt for guidance.
> >> > Rebooting in 180 seconds. "
> >> >
> >> >
> >> > So tried passing an init option, with init=/usr/lib/systemd/systemd or
> >> > init=/usr/bin/bash.
> >> > Using either of the options I am able to boot without any kernel panics.
> >> >
> >> > Is this the right way? Please advise.
> >>
> >> The kernel tries to find init in various locations (/sbin/init,
> >> /etc/init, /bin/init, etc.). If it can't execute any of those, then
> >> the kernel panics. You just removed Busybox init, so you are left
> >> without init process to load.
> >>
> >> One way to override kernel search is passing init= option as you did.
> >> You can put that option in the bootloader options and get done, or you
> >> can symlink systemd (or what you want to load) in /sbin/init so the
> >> kernel can find it in the "standard" location.
> >>
> >> HTH,
> >>
> >> Xabier Oneca_,,_
>
> Just my two cents.
>
> Xabier Oneca_,,_
>
_______________________________________________
busybox mailing list
[email protected]
http://lists.busybox.net/mailman/listinfo/busybox
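
The custom init suggested in the quoted reply above (a script rather than an ELF binary, which reads inittab and then runs /etc/init.d/rcS), as an added example that is not part of the original thread or of BusyBox. It assumes BusyBox-style inittab lines, installation at /sbin/init and an existing /dev/null node at boot; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: script-based init that replaces BusyBox init (CONFIG_INIT off).
# Assumptions: installed as /sbin/init; inittab lines use the BusyBox layout
# <id>:<runlevels>:<action>:<process>; function names are hypothetical.
INITTAB=/etc/inittab
RCS=/etc/init.d/rcS

# Print the <process> field of each "sysinit" entry in file $1, in file order.
sysinit_cmds() {
    [ -r "$1" ] || return 0
    while IFS=: read -r id _rl action process || [ -n "$action" ]; do
        case "$id" in \#*) continue ;; esac   # skip comment lines
        [ "$action" = sysinit ] && [ -n "$process" ] && printf '%s\n' "$process"
    done < "$1"
    return 0
}

# Commands to run at boot: the sysinit entries, or rcS alone if there are none
# (missing, unreadable or empty inittab).
boot_cmds() {
    cmds=$(sysinit_cmds "$1")
    if [ -n "$cmds" ]; then printf '%s\n' "$cmds"; else printf '%s\n' "$RCS"; fi
}

run_init() {
    # Detach init and everything it starts from the console. This silences
    # userspace output only; it needs the /dev/null node to exist already.
    if [ -c /dev/null ]; then exec </dev/null >/dev/null 2>&1; fi
    boot_cmds "$INITTAB" | while IFS= read -r cmd; do
        sh -c "$cmd" </dev/null               # run entries one at a time
    done
    # PID 1 must never exit, otherwise the kernel panics.
    while :; do sleep 3600; done
}

# Act as init only when started by the kernel as PID 1 from /sbin/init.
if [ "$$" -eq 1 ] && [ "$0" = /sbin/init ]; then
    run_init
fi
```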
