On 02/19/14 at 12:07pm, Harald Hoyer wrote:
> On 02/19/2014 11:18 AM, WANG Chao wrote:
> > We use mv to move early.cpio from /tmp to /boot and early.cpio will
> > retain the file label. But later selinux will reject kexec from
> > accessing this such label under /boot.
> >
> > What we should do is to copy early.cpio to /boot and the new early.cpio
> > will have a default file label for /boot. So that later selinux will not
> > reject accessing to this file.
> >
> > Signed-off-by: WANG Chao <[email protected]>
> > ---
> > dracut.sh | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/dracut.sh b/dracut.sh
> > index 5267af5..ddfb760 100755
> > --- a/dracut.sh
> > +++ b/dracut.sh
> > @@ -1469,7 +1469,7 @@ if [[ $create_early_cpio = yes ]]; then
> > echo 1 > "$early_cpio_dir/d/early_cpio"
> > # The microcode blob is _before_ the initramfs blob, not after
> > (cd "$early_cpio_dir/d"; find . -print0 | cpio --null
> > $cpio_owner_root -H newc -o --quiet >../early.cpio)
> > - mv $early_cpio_dir/early.cpio $outfile.$$
> > + cp $early_cpio_dir/early.cpio $outfile.$$
> > fi
> > if ! ( umask 077; cd "$initdir"; find . -print0 | cpio --null
> > $cpio_owner_root -H newc -o --quiet | \
> > $compress >> "$outfile.$$"; ); then
> >
>
> What do you think of this patch? It gets rid of any temporary image file.
> That would also help people with space problems in /boot.
That works for me. Thanks for providing the fix.
WANG Chao
>
> diff --git a/dracut.sh b/dracut.sh
> index 5267af5..a56bc13 100755
> --- a/dracut.sh
> +++ b/dracut.sh
> @@ -808,7 +808,6 @@ fi
> # clean up after ourselves no matter how we die.
> trap '
> ret=$?;
> - [[ $outfile ]] && [[ -f $outfile.$$ ]] && rm -f -- "$outfile.$$";
> [[ $keep ]] && echo "Not removing $initdir." >&2 || { [[ $initdir ]] &&
> rm -rf -- "$initdir"; };
> [[ $keep ]] && echo "Not removing $early_cpio_dir." >&2 || { [[
> $early_cpio_dir ]] && rm -Rf -- "$early_cpio_dir"; };
> [[ $_dlogdir ]] && rm -Rf -- "$_dlogdir";
> @@ -1468,15 +1467,13 @@ dinfo "*** Creating image file ***"
> if [[ $create_early_cpio = yes ]]; then
> echo 1 > "$early_cpio_dir/d/early_cpio"
> # The microcode blob is _before_ the initramfs blob, not after
> - (cd "$early_cpio_dir/d"; find . -print0 | cpio --null
> $cpio_owner_root -H newc -o --quiet >../early.cpio)
> - mv $early_cpio_dir/early.cpio $outfile.$$
> + (cd "$early_cpio_dir/d"; find . -print0 | cpio --null
> $cpio_owner_root -H newc -o --quiet > $outfile)
> fi
> if ! ( umask 077; cd "$initdir"; find . -print0 | cpio --null
> $cpio_owner_root -H newc -o --quiet | \
> - $compress >> "$outfile.$$"; ); then
> - dfatal "dracut: creation of $outfile.$$ failed"
> + $compress >> "$outfile"; ); then
> + dfatal "dracut: creation of $outfile failed"
> exit 1
> fi
> -mv -- "$outfile.$$" "$outfile"
> dinfo "*** Creating image file done ***"
>
> if (( maxloglvl >= 5 )); then
>
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
