Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
[Henrique de Moraes Holschuh] I suspect we need to provide some other tmpfs for users such as UML and ifupdown. I am quite sure of it. After having a look at ifupdown, I changed my mind. We should not wait for etch to release before providing a tmpfs file system for use during boot. Some long-standing bugs in ifupdown are unsolvable because the state file isn't writable when the kernel calls userspace to handle coldplug events. Because of this, I integrated the patches from ubuntu to mount /var/run and /var/lock/ as tmpfs file systems in mountkernfs.sh, the very first thing to happen during boot. I plan to upload this into experimental today, along with the changes to split out sysvinit-utils and a few others changes. Testers are most welcome. Friendly, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
On Sat, 16 Sep 2006, Petter Reinholdtsen wrote: to handle coldplug events. Because of this, I integrated the patches from ubuntu to mount /var/run and /var/lock/ as tmpfs file systems in mountkernfs.sh, the very first thing to happen during boot. I am quite fine with this, as long as a later (initscript-caused) /var mount does not shadow them. It would do away with the immediate need to get people to agree on /run or /lib/run or whatever. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
[Henrique de Moraes Holschuh] I am quite fine with this, as long as a later (initscript-caused) /var mount does not shadow them. It does, by bind-mounting them away while /var/ is being mounted. It would do away with the immediate need to get people to agree on /run or /lib/run or whatever. Yes. I discovered this while I started to look closer at the ubuntu patches, and decided to get this done quickly to try to get ifupdown work asynchroniously, as well as provide uml, dosemu and others with some place to store their stuff. Friendly, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: [Pkg-sysvinit-devel] Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
On Sat, 16 Sep 2006, Henrique de Moraes Holschuh wrote: On Sat, 16 Sep 2006, Petter Reinholdtsen wrote: to handle coldplug events. Because of this, I integrated the patches from ubuntu to mount /var/run and /var/lock/ as tmpfs file systems in mountkernfs.sh, the very first thing to happen during boot. I am quite fine with this, as long as a later (initscript-caused) /var mount does not shadow them. It would do away with the immediate need to get people to agree on /run or /lib/run or whatever. I just remembered something: how are you going to make sure there is a /var/run and /var/lock mountpoint to use on the root filesystem? If /var is in a separate partition, they need not (and might not be there). We cannot create them either, as something might be mounted in /var during package install time, AND the root filesystem is read-only at the stage of the bootstrap process we will need the mountpoints to exist. We have to use an different mountpoint, one that is guaranteed to exist in /, and which is guaranteed not to be a symlink or something else that is not allowed as a mountpoint. Please revert the mountkernfs.sh changes. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
On Sat, 16 Sep 2006, Petter Reinholdtsen wrote: Yes. I discovered this while I started to look closer at the ubuntu patches, and decided to get this done quickly to try to get ifupdown work asynchroniously, as well as provide uml, dosemu and others with some place to store their stuff. Good job, and also kudos to the Ubuntu guys. But I think we might want to improve it a little yet before deploying to unstable: 1. Support tmpfs limits on resource usage, we really should not be mounting various tmpfs with their default size! 10MB for /var/run and 1MB for /var/lock seems like reasonable hardwired defaults (see below for how to override) 2. Support local admin override of these tmpfs parameters, in /etc/fstab 3. Warn in d-d-announce that we will be deploying this, and that people better test it. And that if they want the early-writeable tmpfs elsewhere, they are to bring it up with the TC immediately, because the talk about it in the mailing lists approach failed and thus we now require a fast, non-challengable TC decision on this issue which we will be very happy to follow. 4. Document very clearly the very early userspace requirements of a Debian system. These *have* to be met by the kernel and initrd. Very Early Userspace Starts: when kernel/initrd handles control to init for bootstrap Ends: right before coldplug is run. Requires before it can start: root filesystem mounted read-only in-kernel tmpfs support ready for use in-kernel bind mount functionality, including mount --move Provides when it ends: early read-writeable filesystem mounted (currently, /var/run) essential kernel-userland interfaces ready (/proc, /sys, etc) [optional] early static module loading (**missing**) [optional] early static sysfs and procfs setup (**missing**) Caveats: Accurate system time is NOT guaranteed to be available at this stage. In fact, system time will be incorrect except in specific setups. DO NOT MOUNT FILESYSTEMS THAT CANNOT COPE WITH THIS. DO NOT FSCK FILESYSTEMS. Accurate system timezone information is available only from glibc's global timezone setup (/etc/localtime). We should document the rest of the bootstrap stages too, that will allow us to fix the current breakages (system time undefined when it shouldn't, parallel boot missing key chokepoints at early userspace setup, etc). But that does not have anything to do with the early writeable fs. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: [Pkg-sysvinit-devel] Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
On Sat, 16 Sep 2006, Petter Reinholdtsen wrote: [Henrique de Moraes Holschuh] I just remembered something: how are you going to make sure there is a /var/run and /var/lock mountpoint to use on the root filesystem? They are created when initscripts is installed, by remounting / to avoid any /var/ mounts, and creating the directories there. Duh! I knew I was missing something. Yes, that will work, you can consider my point against /var/* moot. Why? I suspect you should have a look at the changes. It seem perfectly safe to me. The only problem is with partial upgrades and packages expecting persistense in /var/run/ and /var/lock/. Partial upgrades can be dealth with proper package scripts, and tight dependencies I hope. Backwards-compatibility for the early writeable fs can be dealt with by either the INITRWFS env var (see post to pkg-initscripts-devel), or now that we are not likely to need to move it over later, just by versioned dependencies on the packages that need it (that make backwards compatibility moot). -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: [Pkg-sysvinit-devel] Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
On Sat, 16 Sep 2006, Petter Reinholdtsen wrote: We have to use an different mountpoint, one that is guaranteed to exist in /, and which is guaranteed not to be a symlink or something else that is not allowed as a mountpoint. Please revert the mountkernfs.sh changes. Why? I suspect you should have a look at the changes. It seem You're right. I retract my request for reverting the changes. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: [Pkg-sysvinit-devel] Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
[Henrique de Moraes Holschuh] I just remembered something: how are you going to make sure there is a /var/run and /var/lock mountpoint to use on the root filesystem? They are created when initscripts is installed, by remounting / to avoid any /var/ mounts, and creating the directories there. If /var is in a separate partition, they need not (and might not be there). We cannot create them either, as something might be mounted in /var during package install time, AND the root filesystem is read-only at the stage of the bootstrap process we will need the mountpoints to exist. Yes, we can't create them at boot time, so they are created when the package is installed instead. :) We have to use an different mountpoint, one that is guaranteed to exist in /, and which is guaranteed not to be a symlink or something else that is not allowed as a mountpoint. Please revert the mountkernfs.sh changes. Why? I suspect you should have a look at the changes. It seem perfectly safe to me. The only problem is with partial upgrades and packages expecting persistense in /var/run/ and /var/lock/. Friendly, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
On Mon, Sep 11, 2006 at 11:24:03AM +0200, Petter Reinholdtsen wrote: I suspect we need to provide some other tmpfs for users such as UML and ifupdown. Please be very careful when you do so. Even now the tmpfs for /dev/shm allows every user to eat up half of the RAM virtually anonymous by means of the page-cache not being owned by any process. Preventing this pages from getting swapped is easy to achieve by just touching them regulary. This is not a big issue, though. However, if you create another default- sized tmpfs, this becomes an issue because users then will be able to effectively lock up all available RAM and thus force the OOM-Killer to kill random foreign processes (including daemons etc.). This is the main reason for me to bind-mount /dev/shm to /tmp and any other tmpfs on my system while accepting to live with a potentially polluted POSIX-shm-namespace (which is virtually never used anyways :)). just my 2 cents Mario -- Independence Day: Fortunately, the alien computer operating system works just fine with the laptop. This proves an important point which Apple enthusiasts have known for years. While the evil empire of Microsoft may dominate the computers of Earth people, more advanced life forms clearly prefer Macs. signature.asc Description: Digital signature
Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
Package: initscripts Version: 2.86.ds1-20 Severity: critical Justification: breaks UML environments The mountdevsubfs.sh init script mounts /dev/shm with the noexec flag. UML (/usr/bin/linux) complains about that and doesn't start. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
[Tim Rühsen] The mountdevsubfs.sh init script mounts /dev/shm with the noexec flag. UML (/usr/bin/linux) complains about that and doesn't start. I suspect this use of /dev/shm/ is really a bug in UML. /dev/shm/ is only to be used by the shm_open()-class of functions. Every other use of the tmpfs mounted on /dev/shm is a bug. This is part of the reason why we changed the privileges for that file system. Is UML using it throught the shm* functions? I suspect we need to provide some other tmpfs for users such as UML and ifupdown. Friendly, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#386945: [Pkg-sysvinit-devel] Bug#386945: initscripts: User Mode Linux (UML) doesn't start because /dev/shm is mounted noexec
On Mon, 11 Sep 2006, Petter Reinholdtsen wrote: [Tim Rühsen] The mountdevsubfs.sh init script mounts /dev/shm with the noexec flag. UML (/usr/bin/linux) complains about that and doesn't start. I suspect this use of /dev/shm/ is really a bug in UML. /dev/shm/ is Depends on what it is doing... dosemu wanted to use PROT_EXEC, maybe that's the case with UML too? I won't claim to know enough about sysv shared mem to know whether such usage (whatever UML does, and what DOSEMU is doing) is sane, though. I suspect we need to provide some other tmpfs for users such as UML and ifupdown. I am quite sure of it. -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
