Subject: Re: [RFC PATCH] rootfs: force mounting rootfs as tmpfs
From: Mimi Zohar
To: Rob Landley, Arvind Sankar
Cc: initramfs, Taras Kondratiuk, Victor Kamensky, linux-security-module, Al Viro, linux-kernel
Date: Thu, 01 Feb 2018 16:51:52 -0500

On Thu, 2018-02-01 at 11:09 -0600, Rob Landley wrote:
> On 02/01/2018 09:55 AM, Mimi Zohar wrote:
> > On Thu, 2018-02-01 at 09:20 -0600, Rob Landley wrote:
> >
> >>> With your patch and specifying "root=tmpfs", dracut is complaining:
> >>>
> >>> dracut: FATAL: Don't know how to handle 'root=tmpfs'
> >>> dracut: refusing to continue
> >>
> >> [googles]... I do not understand why this package exists.
> >>
> >> If you're switching to another root filesystem, using a tool that
> >> wikipedia[citation needed] says has no purpose but to switch to another
> >> root filesystem, (so let's reproduce the kernel infrastructure in
> >> userspace while leaving it the kernel too)... why do you need initramfs
> >> to be tmpfs? You're using it for half a second, then discarding it,
> >> what's the point of it being tmpfs?
> >
> > Unlike the kernel image which is signed by the distros, the initramfs
> > doesn't come signed, because it is built on the target system.  Even
> > if the initramfs did come signed, it is beneficial to measure and
> > appraise the individual files in the initramfs.
>
> You can still shoot yourself in the foot with tmpfs. People mount a /run
> and a /tmp and then as a normal user you can go
> https://twitter.com/landley/status/959103235305951233 and maybe the
> default should be a little more clever there...
>
> I'll throw it on the todo heap. :)
>
> >> Sigh. If people are ok with having rootfs just be tmpfs whenever tmpfs
> >> is configured in, even when you're then going to overmount it with
> >> something else like you're doing, let's just _remove_ the test. If it
> >> can be tmpfs, have it be tmpfs.
> >
> > Very much appreciated!
>
> Not yet tested, but something like the attached? (Sorry for the
> half-finished doc changes in there, I'm at work and have a 5 minute
> break. I can test properly this evening if you don't get to it...)

Yes, rootfs is being mounted as tmpfs.

Mimi