Author: ian Date: Wed Dec 20 18:23:22 2017 New Revision: 327032 URL: https://svnweb.freebsd.org/changeset/base/327032
Log: Add a new kernel config option, MD_ROOT_READONLY, which forces on the MD_READONLY flag for the md device automatically instantiated during kernel init for an mdroot filesystem. Note that there is specifically and by design no tunable or sysctl control over this feature. Without this option, you already have control over whether the mdroot fs is writeable using vfs.root.mountfrom.options from loader(8), the root_rw_mount rcvar, and by using "mount -u[rw] /" or equivelent on the fly. This option is being added to provide a way to make the mdroot fs truly immutable before userland code begins running. Differential Revision: https://reviews.freebsd.org/D13411 Modified: head/share/man/man4/md.4 head/sys/conf/NOTES head/sys/conf/options head/sys/dev/md/md.c Modified: head/share/man/man4/md.4 ============================================================================== --- head/share/man/man4/md.4 Wed Dec 20 18:15:06 2017 (r327031) +++ head/share/man/man4/md.4 Wed Dec 20 18:23:22 2017 (r327032) @@ -7,7 +7,7 @@ .\" .\" $FreeBSD$ .\" -.Dd November 5, 2017 +.Dd December 7, 2017 .Dt MD 4 .Os .Sh NAME @@ -79,7 +79,8 @@ To create a kernel with a ramdisk or MD file system, y needs the following options: .Bd -literal -offset indent options MD_ROOT # MD is a potential root device -options MD_ROOT_SIZE=8192 # 8MB ram disk +options MD_ROOT_READONLY # disallow mounting root writeable +options MD_ROOT_SIZE=8192 # 8MB ram disk makeoptions MFS_IMAGE=/h/foo/ARM-MD options ROOTDEVNAME=\\"ufs:md0\\" .Ed Modified: head/sys/conf/NOTES ============================================================================== --- head/sys/conf/NOTES Wed Dec 20 18:15:06 2017 (r327031) +++ head/sys/conf/NOTES Wed Dec 20 18:23:22 2017 (r327032) @@ -1101,6 +1101,9 @@ options MD_ROOT_SIZE=10 # images of type mfs_root or md_root. options MD_ROOT +# Write-protect the md root device so that it may not be mounted writeable. +options MD_ROOT_READONLY + # Disk quotas are supported when this option is enabled. options QUOTA #enable disk quotas Modified: head/sys/conf/options ============================================================================== --- head/sys/conf/options Wed Dec 20 18:15:06 2017 (r327031) +++ head/sys/conf/options Wed Dec 20 18:23:22 2017 (r327032) @@ -165,6 +165,7 @@ MAC_STUB opt_dontuse.h MAC_TEST opt_dontuse.h MD_ROOT opt_md.h MD_ROOT_FSTYPE opt_md.h +MD_ROOT_READONLY opt_md.h MD_ROOT_SIZE opt_md.h MFI_DEBUG opt_mfi.h MFI_DECODE_LOG opt_mfi.h Modified: head/sys/dev/md/md.c ============================================================================== --- head/sys/dev/md/md.c Wed Dec 20 18:15:06 2017 (r327031) +++ head/sys/dev/md/md.c Wed Dec 20 18:23:22 2017 (r327032) @@ -1791,9 +1791,15 @@ md_preloaded(u_char *image, size_t length, const char sc->start = mdstart_preload; if (name != NULL) strlcpy(sc->file, name, sizeof(sc->file)); -#if defined(MD_ROOT) && !defined(ROOTDEVNAME) - if (sc->unit == 0) +#ifdef MD_ROOT + if (sc->unit == 0) { +#ifndef ROOTDEVNAME rootdevnames[0] = MD_ROOT_FSTYPE ":/dev/md0"; +#endif +#ifdef MD_ROOT_READONLY + sc->flags |= MD_READONLY; +#endif + } #endif mdinit(sc); if (name != NULL) { _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "[email protected]"
