Received: by 10.192.165.156 with SMTP id m28csp793310imm; Mon, 16 Apr 2018 08:48:17 -0700 (PDT) X-Google-Smtp-Source: AIpwx4/UPuyxBOHFZiLLQqeD68ou6NninegnHHm/skr50V+FyWpLcOT4USmiAis7nqiEiiTU/wJp X-Received: by 2002:a17:902:e01:: with SMTP id 1-v6mr4761871plw.211.1523893697439; Mon, 16 Apr 2018 08:48:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523893697; cv=none; d=google.com; s=arc-20160816; b=PyJSIPc/u+fWa3+IrE0UU4hl+Iia0wKyl9/50dOOFQ/jH7B5bsdtaX09CBj7fIdKF7 cxcp2jDgL2/oqdbUyeR0FUlVqZbzd91Yw1wIFllXBdoBVE/90WF6Y9sLlhYS0HiLCfoL qttIyYT2h9TSOs535AWM/Vvo9kUEHCoGzrp8jTnSDAdcPH9QXgnPgo0W3KypFbWoCMyN n9OtoMzM13ujDyWHUUl7uyWvuuXOf3tE8apEs5ykuczVeRcVu27r9bShXcC8bGTcyfZL NOpBtYtNu8ch5sQn31jW6eKU7WyXzvupryw04p7A+gdt7G8WYHctbcgvB3x12Mx4pZ6Q TmPA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:content-transfer-encoding :mime-version:references:in-reply-to:date:cc:to:from:subject :arc-authentication-results; bh=59juJvXysEzH6a4IILm/GhdtPo3B4qpWRuPCibAgQnQ=; b=s/F07p+onmGtbTS3vi8eohZSFtLiF4Rzc+LnCkeqIv23rE9fRy0dyM/iv4UfkU0ydo wyU8G9CE3g8vQLRsXB+U7S5L0ZlolVjvliIV6LOHEDtEjlImBoBCMe0s1gigMjLpuVA8 l4Piarm5iEHo1XXBS+BXsDEiWmNebUtfzfAt3hgCFWIbsFHZXG9YxO6aNbir8NPY8u3e 4m9nIb74L3tv+XiMx5a6sQwLJgVdfR9CTnZc8BgR56hbFaVdZvMLnM5wzUx/xDI2vOw7 z7BYpUsmLrFUlZxCJwneSu1bJD4S8hxtlSVwZFZ3/WWZ0RXfsEJs+NQ7+ifubSVgYPUZ QpWg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z7si9939973pgs.645.2018.04.16.08.48.02; Mon, 16 Apr 2018 08:48:17 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752802AbeDPPqT (ORCPT + 99 others); Mon, 16 Apr 2018 11:46:19 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:50578 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1751893AbeDPPqQ (ORCPT ); Mon, 16 Apr 2018 11:46:16 -0400 Received: from pps.filterd (m0098419.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w3GFdaFK105999 for ; Mon, 16 Apr 2018 11:46:15 -0400 Received: from e06smtp11.uk.ibm.com (e06smtp11.uk.ibm.com [195.75.94.107]) by mx0b-001b2d01.pphosted.com with ESMTP id 2hcwkekfw8-1 (version=TLSv1.2 cipher=AES256-SHA256 bits=256 verify=NOT) for ; Mon, 16 Apr 2018 11:46:15 -0400 Received: from localhost by e06smtp11.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Mon, 16 Apr 2018 16:46:12 +0100 Received: from b06cxnps3074.portsmouth.uk.ibm.com (9.149.109.194) by e06smtp11.uk.ibm.com (192.168.101.141) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; Mon, 16 Apr 2018 16:46:08 +0100 Received: from d06av22.portsmouth.uk.ibm.com (d06av22.portsmouth.uk.ibm.com [9.149.105.58]) by b06cxnps3074.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id w3GFk7W564290948; Mon, 16 Apr 2018 15:46:07 GMT Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id EF52C4C04E; Mon, 16 Apr 2018 16:38:39 +0100 (BST) Received: from d06av22.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id DE5B64C059; Mon, 16 Apr 2018 16:38:38 +0100 (BST) Received: from localhost.localdomain (unknown [9.80.105.39]) by d06av22.portsmouth.uk.ibm.com (Postfix) with ESMTP; Mon, 16 Apr 2018 16:38:38 +0100 (BST) Subject: Re: [RFC PATCH] rootfs: force mounting rootfs as tmpfs From: Mimi Zohar To: Rob Landley , Taras Kondratiuk , Arvind Sankar Cc: initramfs , Victor Kamensky , linux-security-module , Al Viro , linux-kernel Date: Mon, 16 Apr 2018 11:46:05 -0400 In-Reply-To: <8d6b1fcc-1a21-1707-dd8e-43529e1d644c@landley.net> References: <1517348777.3469.5.camel@linux.vnet.ibm.com> <1814af5c-170d-39c0-58fd-02eb7216e008@landley.net> <1517436423.3469.237.camel@linux.vnet.ibm.com> <20180201020331.GA3774@rani.riverdale> <1517458921.3329.2.camel@linux.vnet.ibm.com> <1517500500.3974.45.camel@linux.vnet.ibm.com> <875e5d2d-9ffe-14ab-090a-4a9632af0f35@landley.net> <1517521912.3619.0.camel@linux.vnet.ibm.com> <151752488608.10051.146219644323454814@takondra-t460s> <8d6b1fcc-1a21-1707-dd8e-43529e1d644c@landley.net> Content-Type: text/plain; charset="UTF-8" X-Mailer: Evolution 3.20.5 (3.20.5-1.fc24) Mime-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 x-cbid: 18041615-0040-0000-0000-0000044E270E X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 18041615-0041-0000-0000-000020F269AE Message-Id: <1523893565.3272.191.camel@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:,, definitions=2018-04-16_08:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 impostorscore=0 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1709140000 definitions=main-1804160144 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Rob, On Thu, 2018-02-01 at 17:34 -0600, Rob Landley wrote: > > On 02/01/2018 04:41 PM, Taras Kondratiuk wrote: > > Quoting Mimi Zohar (2018-02-01 13:51:52) > >> On Thu, 2018-02-01 at 11:09 -0600, Rob Landley wrote: > >>> On 02/01/2018 09:55 AM, Mimi Zohar wrote: > >>>> On Thu, 2018-02-01 at 09:20 -0600, Rob Landley wrote: > >>>> > >>>>>> With your patch and specifying "root=tmpfs", dracut is complaining: > >>>>>> > >>>>>> dracut: FATAL: Don't know how to handle 'root=tmpfs' > >>>>>> dracut: refusing to continue > >>>>> > >>>>> [googles]... I do not understand why this package exists. > >>>>> > >>>>> If you're switching to another root filesystem, using a tool that > >>>>> wikipedia[citation needed] says has no purpose but to switch to another > >>>>> root filesystem, (so let's reproduce the kernel infrastructure in > >>>>> userspace while leaving it the kernel too)... why do you need initramfs > >>>>> to be tmpfs? You're using it for half a second, then discarding it, > >>>>> what's the point of it being tmpfs? > >>>> > >>>> Unlike the kernel image which is signed by the distros, the initramfs > >>>> doesn't come signed, because it is built on the target system.  Even > >>>> if the initramfs did come signed, it is beneficial to measure and > >>>> appraise the individual files in the initramfs. > >>> > >>> You can still shoot yourself in the foot with tmpfs. People mount a /run > >>> and a /tmp and then as a normal user you can go > >>> https://twitter.com/landley/status/959103235305951233 and maybe the > >>> default should be a little more clever there... > >>> > >>> I'll throw it on the todo heap. :) > >>> > >>>>> Sigh. If people are ok with having rootfs just be tmpfs whenever tmpfs > >>>>> is configured in, even when you're then going to overmount it with > >>>>> something else like you're doing, let's just _remove_ the test. If it > >>>>> can be tmpfs, have it be tmpfs. > >>>> > >>>> Very much appreciated! > >>> > >>> Not yet tested, but something like the attached? (Sorry for the > >>> half-finished doc changes in there, I'm at work and have a 5 minute > >>> break. I can test properly this evening if you don't get to it...) > >> > >> Yes, rootfs is being mounted as tmpfs. > > > > I don't think you can unconditionally replace ramfs with initramfs by > > default. Their behavior is different in some cases (e.g. pivot_root vs > > switch_root) > > Both are switch_root, you can't pivot_root off of either one. (Yes, I > hit that bug and reported it, and they fixed it, back in the day... > http://lists.busybox.net/pipermail/busybox/2006-March/053529.html ) > > > and it can break many systems that expect ramfs by default. > > The use case I told Mimi about off-list (since they stopped cc:ing the > list in one of their replies but the conversation continued) was the guy > who was extracting an initramfs bigger than 50% of system memory, which > worked with initramfs but failed with initmpfs. A quick google didn't > find the original message but it resulted in this blog entry from the > affected party: > > http://www.lightofdawn.org/blog/?viewDetailed=00128 > > I.E. yeah, I know, I need to redo these patches tonight. I'd really like to be able to have rootfs be a tmpfs filesystem.  Any time estimate on this patch? thanks! Mimi