Package: initramfs-tools
Severity: wishlist
Tags: patch

Here is a patch that adds a new configuration variable, "PANIC_SHELL".
When it is set to "no" (the default is "yes"), init no longer falls
back to a shell on panic; instead init exits, which in turn causes a
kernel panic.

This is meant to be one link in a chain to secure a system as much as
convenient:

 - Configure the BIOS to boot only from the hard drive
 - Configure the boot loader not to let the user change boot
   parameters
 - This step: The boot process does not give a root shell to the
   user, ever.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.16-2-amd64-k8-smp
Locale: LANG=fr_LU.UTF-8, LC_CTYPE=fr_LU.UTF-8 (charmap=UTF-8)
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/conf/initramfs.conf 
/tmp/dG2YS5smkE/initramfs-tools-0.69b.0/conf/initramfs.conf
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/conf/initramfs.conf   2006-07-07 
10:15:42.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/conf/initramfs.conf 2006-07-16 
14:30:43.000000000 +0200
@@ -45,3 +45,10 @@
 
 NFSROOT=auto
 
+#
+# PANIC_SHELL: [ yes | no ]
+# Should init give the user a shell on panic?
+#
+
+PANIC_SHELL=yes
+
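Review bot: The comment block added for PANIC_SHELL does not say what happens when the shell is disabled. An administrator choosing `no` needs to know that a failed boot then ends in a kernel panic with no recovery prompt. I would add two lines to the block: `# no: init exits instead of starting a shell, so the kernel panics.` and `# Only the exact lowercase value "no" disables the shell.` If the setting is copied into the image at build time, which this hunk does not show, the comment should also say that the initramfs has to be regenerated for a change to take effect.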
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/debian/changelog 
/tmp/dG2YS5smkE/initramfs-tools-0.69b.0/debian/changelog
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/debian/changelog      2006-07-14 
00:31:39.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/debian/changelog    2006-07-16 
14:36:14.000000000 +0200
@@ -1,3 +1,9 @@
+initramfs-tools (0.69b.0) unstable; urgency=low
+
+  * Created an option to disable shell invocation on panic.
+
+ -- Lionel Elie Mamane <[EMAIL PROTECTED]>  Sun, 16 Jul 2006 14:32:51 +0200
+
 initramfs-tools (0.69b) unstable; urgency=high
 
   * debian/initramfs-tools.preinst: Don't depend upon shipped directories
diff -Nru /tmp/uXrcEIMF0w/initramfs-tools-0.69b/scripts/functions 
/tmp/dG2YS5smkE/initramfs-tools-0.69b.0/scripts/functions
--- /tmp/uXrcEIMF0w/initramfs-tools-0.69b/scripts/functions     2006-07-02 
19:05:12.000000000 +0200
+++ /tmp/dG2YS5smkE/initramfs-tools-0.69b.0/scripts/functions   2006-07-16 
14:27:33.000000000 +0200
@@ -59,10 +59,15 @@
        if [ -x /sbin/usplash_write ]; then
                /sbin/usplash_write "QUIT"
        fi
-       modprobe -q i8042
-       modprobe -q atkbd
-       echo $@
-       PS1='(initramfs) ' /bin/sh </dev/console >/dev/console 2>&1
+        if [ "${PANIC_SHELL}" != no ]; then 
+               modprobe -q i8042
+               modprobe -q atkbd
+               echo $@
+               PS1='(initramfs) ' /bin/sh </dev/console >/dev/console 2>&1
+       else
+               echo $@
+               exit 0
+       fi
 }
 
 maybe_break()
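Review bot: The new test `[ "${PANIC_SHELL}" != no ]` in panic() fails open: an unset variable or any spelling other than the exact lowercase `no` (for example `No` or `false`) still starts the root shell on /dev/console, so a typo in initramfs.conf silently leaves the hardening off. Because this is a security control, the value should be validated when the image is built, with a warning for anything that is not `yes` or `no`. The else branch ends with `exit 0`, which only causes the intended kernel panic if panic() runs in the init process itself. The callers are outside this hunk, but if panic() is reached from a script run as a child process, that script would simply end with a success status; `exit 1` at least reports the failure to the caller. The body of maybe_break() is cut off by the hunk, so it should be checked that no path there reaches a shell without going through this test.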
