From: Taras Kondratiuk
To: Arvind Sankar, Mimi Zohar, Rob Landley
Cc: initramfs, Victor Kamensky, linux-security-module, Al Viro, linux-kernel
Subject: Re: [RFC PATCH] rootfs: force mounting rootfs as tmpfs
Date: Thu, 01 Feb 2018 14:41:26 -0800
Message-ID: <151752488608.10051.146219644323454814@takondra-t460s>
In-Reply-To: <1517521912.3619.0.camel@linux.vnet.ibm.com>

Quoting Mimi Zohar (2018-02-01 13:51:52)
> On Thu, 2018-02-01 at 11:09 -0600, Rob Landley wrote:
> > On 02/01/2018 09:55 AM, Mimi Zohar wrote:
> > > On Thu, 2018-02-01 at 09:20 -0600, Rob Landley wrote:
> > >
> > >>> With your patch and specifying "root=tmpfs", dracut is complaining:
> > >>>
> > >>> dracut: FATAL: Don't know how to handle 'root=tmpfs'
> > >>> dracut: refusing to continue
> > >>
> > >> [googles]... I do not understand why this package exists.
> > >>
> > >> If you're switching to another root filesystem, using a tool that
> > >> wikipedia[citation needed] says has no purpose but to switch to another
> > >> root filesystem, (so let's reproduce the kernel infrastructure in
> > >> userspace while leaving it the kernel too)... why do you need initramfs
> > >> to be tmpfs? You're using it for half a second, then discarding it,
> > >> what's the point of it being tmpfs?
> > >
> > > Unlike the kernel image which is signed by the distros, the initramfs
> > > doesn't come signed, because it is built on the target system. Even
> > > if the initramfs did come signed, it is beneficial to measure and
> > > appraise the individual files in the initramfs.
> >
> > You can still shoot yourself in the foot with tmpfs. People mount a /run
> > and a /tmp and then as a normal user you can go
> > https://twitter.com/landley/status/959103235305951233 and maybe the
> > default should be a little more clever there...
> >
> > I'll throw it on the todo heap. :)
> >
> > >> Sigh. If people are ok with having rootfs just be tmpfs whenever tmpfs
> > >> is configured in, even when you're then going to overmount it with
> > >> something else like you're doing, let's just _remove_ the test. If it
> > >> can be tmpfs, have it be tmpfs.
> > >
> > > Very much appreciated!
> >
> > Not yet tested, but something like the attached? (Sorry for the
> > half-finished doc changes in there, I'm at work and have a 5 minute
> > break. I can test properly this evening if you don't get to it...)
>
> Yes, rootfs is being mounted as tmpfs.

I don't think you can unconditionally replace ramfs with initramfs by
default. Their behavior is different in some cases (e.g. pivot_root vs
switch_root) and it can break many systems that expect ramfs by default.