[dracut/f16] move mounting of securitfs to a seperate module Resolves: rhbz#737140

Harald Hoyer harald at fedoraproject.org
Tue Sep 20 13:42:29 UTC 2011


commit 7c7f7fd257bfee631261aa537c05b3b6d90da4d3
Author: Harald Hoyer <harald at redhat.com>
Date:   Tue Sep 20 15:42:14 2011 +0200

    move mounting of securitfs to a seperate module
    Resolves: rhbz#737140

 ...nt-securityfs-in-a-seperate-dracut-module.patch |   94 ++++++++++++++++++++
 dracut.spec                                        |   10 ++-
 2 files changed, 103 insertions(+), 1 deletions(-)
---
diff --git a/0043-mount-securityfs-in-a-seperate-dracut-module.patch b/0043-mount-securityfs-in-a-seperate-dracut-module.patch
new file mode 100644
index 0000000..3832949
--- /dev/null
+++ b/0043-mount-securityfs-in-a-seperate-dracut-module.patch
@@ -0,0 +1,94 @@
+From 9d0755c2d1a5eb13413caa80f69d7ad39589d304 Mon Sep 17 00:00:00 2001
+From: Harald Hoyer <harald at redhat.com>
+Date: Tue, 20 Sep 2011 11:16:53 +0200
+Subject: [PATCH] mount securityfs in a seperate dracut module
+
+---
+ dracut.spec                            |    1 +
+ modules.d/96securityfs/module-setup.sh |   15 +++++++++++++++
+ modules.d/96securityfs/securityfs.sh   |   10 ++++++++++
+ modules.d/98integrity/module-setup.sh  |    2 +-
+ modules.d/99base/init                  |    6 ------
+ 5 files changed, 27 insertions(+), 7 deletions(-)
+ create mode 100755 modules.d/96securityfs/module-setup.sh
+ create mode 100755 modules.d/96securityfs/securityfs.sh
+
+diff --git a/dracut.spec b/dracut.spec
+index 76f4fe1..f9848ed 100644
+--- a/dracut.spec
++++ b/dracut.spec
+@@ -247,6 +247,7 @@ rm -rf $RPM_BUILD_ROOT
+ %{_datadir}/dracut/modules.d/95zfcp
+ %{_datadir}/dracut/modules.d/95terminfo
+ %{_datadir}/dracut/modules.d/95udev-rules
++%{_datadir}/dracut/modules.d/96securityfs
+ %{_datadir}/dracut/modules.d/97biosdevname
+ %{_datadir}/dracut/modules.d/97masterkey
+ %{_datadir}/dracut/modules.d/98ecryptfs
+diff --git a/modules.d/96securityfs/module-setup.sh b/modules.d/96securityfs/module-setup.sh
+new file mode 100755
+index 0000000..fbe3aa3
+--- /dev/null
++++ b/modules.d/96securityfs/module-setup.sh
+@@ -0,0 +1,15 @@
++#!/bin/bash
++# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
++# ex: ts=8 sw=4 sts=4 et filetype=sh
++
++check() {
++    return 255
++}
++
++depends() {
++    return 0
++}
++
++install() {
++    inst_hook cmdline 60 "$moddir/securityfs.sh"
++}
+diff --git a/modules.d/96securityfs/securityfs.sh b/modules.d/96securityfs/securityfs.sh
+new file mode 100755
+index 0000000..03ee4dd
+--- /dev/null
++++ b/modules.d/96securityfs/securityfs.sh
+@@ -0,0 +1,10 @@
++#!/bin/sh
++# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
++# ex: ts=8 sw=4 sts=4 et filetype=sh
++
++SECURITYFSDIR="/sys/kernel/security"
++export SECURITYFSDIR
++
++if ! ismounted "${SECURITYFSDIR}"; then
++   mount -t securityfs -o nosuid,noexec,nodev securityfs ${SECURITYFSDIR} >/dev/null 2>&1
++fi
+diff --git a/modules.d/98integrity/module-setup.sh b/modules.d/98integrity/module-setup.sh
+index cab9027..7d5771c 100755
+--- a/modules.d/98integrity/module-setup.sh
++++ b/modules.d/98integrity/module-setup.sh
+@@ -7,7 +7,7 @@ check() {
+ }
+ 
+ depends() {
+-    echo masterkey
++    echo masterkey securityfs
+     return 0
+ }
+ 
+diff --git a/modules.d/99base/init b/modules.d/99base/init
+index fa808ca..06d61a8 100755
+--- a/modules.d/99base/init
++++ b/modules.d/99base/init
+@@ -86,12 +86,6 @@ RD_DEBUG=""
+ [ ! -d /sys/kernel ] && \
+     mount -t sysfs -o nosuid,noexec,nodev sysfs /sys >/dev/null 2>&1
+ 
+-SECURITYFSDIR="/sys/kernel/security"
+-export SECURITYFSDIR
+-if ! ismounted "${SECURITYFSDIR}"; then
+-    mount -t securityfs -o nosuid,noexec,nodev securityfs ${SECURITYFSDIR} >/dev/null 2>&1
+-fi
+-
+ if [ -x /lib/systemd/systemd-timestamp ]; then
+     RD_TIMESTAMP=$(/lib/systemd/systemd-timestamp)
+ else
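Review bot: In the new `modules.d/96securityfs/securityfs.sh` (the `if ! ismounted` block), the mount's exit status is ignored and all of its output goes to /dev/null, so a failed securityfs mount is silent. 98integrity now depends on this module, presumably because its hooks work under `$SECURITYFSDIR`, so a missing mount would show up only later as IMA/EVM setup not happening, if it is noticed at all. I would report the failure and quote the mount point: `mount -t securityfs -o nosuid,noexec,nodev securityfs "${SECURITYFSDIR}" >/dev/null 2>&1 || warn "securityfs: cannot mount ${SECURITYFSDIR}"`. The script also calls `ismounted` and exports `SECURITYFSDIR` without sourcing anything, so it appears to rely on being sourced as a cmdline hook with dracut-lib.sh already loaded; a comment such as `# sourced by init as a cmdline hook; needs ismounted from dracut-lib.sh` would make that dependency explicit.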
diff --git a/dracut.spec b/dracut.spec
index d15dd69..15031f3 100644
--- a/dracut.spec
+++ b/dracut.spec
@@ -8,7 +8,7 @@
 
 Name: dracut
 Version: 013
-Release: 10%{?dist}
+Release: 11%{?dist}
 
 Summary: Initramfs generator using udev
 %if 0%{?fedora} || 0%{?rhel} > 6
@@ -36,6 +36,7 @@ Patch39: 0039-90dmsquash-live-do-not-symlink-to-dev-live.patch
 Patch40: 0040-99base-init-remove-dev-root-helper-symlink.patch
 Patch41: 0041-Do-not-use-run-udev-rules.d-for-udev-rules.patch
 Patch42: 0042-99base-init-mount-securityfs-with-source-securityfs-.patch
+Patch43: 0043-mount-securityfs-in-a-seperate-dracut-module.patch
 
 BuildArch: noarch
 BuildRequires: dash bash
@@ -182,6 +183,8 @@ This package contains tools to assemble the local initrd and host configuration.
 %patch40 -p1
 %patch41 -p1
 %patch42 -p1
+%patch43 -p1
+chmod a+x modules.d/*/*.sh
 
 %build
 make
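Review bot: The added `chmod a+x modules.d/*/*.sh` in %prep marks every module script in the tree executable, not only the two files Patch43 creates, so it would also mask a missing mode bit introduced by any other patch. It is presumably there because patch(1) does not apply the `create mode 100755` recorded for new files; a comment saying so would help the next packager. A narrower `chmod a+x modules.d/96securityfs/*.sh` would keep the change limited to the files that need it. The %prep section starts outside this hunk.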
@@ -274,6 +277,7 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/dracut/modules.d/95zfcp
 %{_datadir}/dracut/modules.d/95terminfo
 %{_datadir}/dracut/modules.d/95udev-rules
+%{_datadir}/dracut/modules.d/96securityfs
 %{_datadir}/dracut/modules.d/97biosdevname
 %{_datadir}/dracut/modules.d/97masterkey
 %{_datadir}/dracut/modules.d/98ecryptfs
@@ -320,6 +324,10 @@ rm -rf $RPM_BUILD_ROOT
 %dir /var/lib/dracut/overlay
 
 %changelog
+* Tue Sep 20 2011 Harald Hoyer <harald at redhat.com> 013-11
+- move mounting of securitfs to a seperate module
+Resolves: rhbz#737140
+
 * Tue Sep 20 2011 Harald Hoyer <harald at redhat.com> 013-10
 - mount securitfs with the correct source
 Resolves: rhbz#737140

