#!/bin/bash
#
# Set up readonly-root support.
#
. /etc/init.d/functions
# We need to initialize the $HOSTNAME variable by ourselves now:
# (It was previously done for RHEL-6 branch, but got lost in time.)
HOSTNAME="$(hostname)"
# Check SELinux status
SELINUX_STATE=
if [ -e "/sys/fs/selinux/enforce" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
if [ -r "/sys/fs/selinux/enforce" ] ; then
SELINUX_STATE=$(cat "/sys/fs/selinux/enforce")
else
# assume enforcing if you can't read it
SELINUX_STATE=1
fi
fi
selinux_fixup() {
if [ -n "$SELINUX_STATE" ] && [ -e "$1" ]; then
restorecon -R "$1"
fi
}
# Only read this once.
[ -z "${cmdline}" ] && cmdline=$(cat /proc/cmdline)
READONLY=
if [ -f /etc/sysconfig/readonly-root ]; then
. /etc/sysconfig/readonly-root
fi
if strstr "$cmdline" readonlyroot ; then
READONLY=yes
[ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable
[ -z "$STATE_MOUNT" ] && STATE_MOUNT=/var/lib/stateless/state
fi
if strstr "$cmdline" noreadonlyroot ; then
READONLY=no
fi
MOUNTS=()
if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
add_mount() {
mnt=${1%/}
MOUNTS=("${MOUNTS[@]}" "$mnt")
}
cp_empty() {
if [ -e "$1" ]; then
echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
add_mount $1
fi
}
cp_dirs() {
if [ -e "$1" ]; then
mkdir -p "$RW_MOUNT$1"
find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
add_mount $1
fi
}
cp_files() {
if [ -e "$1" ]; then
cp -a --parents "$1" "$RW_MOUNT"
add_mount $1
fi
}
# Common mount options for scratch space regardless of
# type of backing store
mountopts=
# Scan partitions for local scratch storage
rw_mount_dev=$(blkid -t LABEL="$RW_LABEL" -l -o device)
bindmountopts=
[ "$SLAVE_MOUNTS" = "yes" ] && bindmountopts="--make-slave"
# First try to mount scratch storage from /etc/fstab, then any
# partition with the proper label. If either succeeds, be sure
# to wipe the scratch storage clean. If both fail, then mount
# scratch storage via tmpfs.
if mount $mountopts "$RW_MOUNT" > /dev/null 2>&1 ; then
rm -rf "$RW_MOUNT" > /dev/null 2>&1
elif [ x$rw_mount_dev != x ] && mount $rw_mount_dev $mountopts "$RW_MOUNT" > /dev/null 2>&1; then
rm -rf "$RW_MOUNT" > /dev/null 2>&1
else
mount -n -t tmpfs $RW_OPTIONS $mountopts none "$RW_MOUNT"
fi
for file in /etc/rwtab /etc/rwtab.d/* /run/initramfs/rwtab ; do
is_ignored_file "$file" && continue
[ -f $file ] && while read type path ; do
case "$type" in
empty)
cp_empty $path
;;
files)
cp_files $path
;;
dirs)
cp_dirs $path
;;
*)
;;
esac
done < <(cat $file)
done
for m in "${MOUNTS[@]}"; do
prefix=0
for mount_point in "${MOUNTS[@]}"; do
[[ $m = $mount_point ]] && continue
if [[ $m =~ ^$mount_point/.* ]] ; then
prefix=1
break
fi
done
[[ $prefix -eq 1 ]] && continue
mount -n --bind $bindmountopts "$RW_MOUNT$m" "$m"
selinux_fixup "$m"
done
# Use any state passed by initramfs
[ -d /run/initramfs/state ] && cp -a /run/initramfs/state/* $RW_MOUNT
# In theory there should be no more than one network interface active
# this early in the boot process -- the one we're booting from.
# Use the network address to set the hostname of the client. This
# must be done even if we have local storage.
ipaddr=
if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then
ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }')
for ip in $ipaddr ; do
HOSTNAME=
eval $(ipcalc -h $ipaddr 2>/dev/null)
[ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; }
done
fi
# Clients with read-only root filesystems may be provided with a
# place where they can place minimal amounts of persistent
# state. SSH keys or puppet certificates for example.
#
# Ideally we'll use puppet to manage the state directory and to
# create the bind mounts. However, until that's all ready this
# is sufficient to build a working system.
# First try to mount persistent data from /etc/fstab, then any
# partition with the proper label, then fallback to NFS
state_mount_dev=$(blkid -t LABEL="$STATE_LABEL" -l -o device)
if mount $mountopts $STATE_OPTIONS "$STATE_MOUNT" > /dev/null 2>&1 ; then
/bin/true
elif [ x$state_mount_dev != x ] && mount $state_mount_dev $mountopts "$STATE_MOUNT" > /dev/null 2>&1; then
/bin/true
elif [ ! -z "$CLIENTSTATE" ]; then
# No local storage was found. Make a final attempt to find
# state on an NFS server.
mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT -o rw,nolock
fi
if [ -w "$STATE_MOUNT" ]; then
mount_state() {
if [ -e "$1" ]; then
[ ! -e "$STATE_MOUNT$1" ] && cp -a --parents "$1" "$STATE_MOUNT"
mount -n --bind $bindmountopts "$STATE_MOUNT$1" "$1"
fi
}
for file in /etc/statetab /etc/statetab.d/* ; do
is_ignored_file "$file" && continue
[ ! -f "$file" ] && continue
if [ -f "$STATE_MOUNT/$file" ] ; then
mount -n --bind $bindmountopts "$STATE_MOUNT/$file" "$file"
fi
for path in $(grep -v "^#" "$file" 2>/dev/null); do
mount_state "$path"
selinux_fixup "$path"
done
done
if [ -f "$STATE_MOUNT/files" ] ; then
for path in $(grep -v "^#" "$STATE_MOUNT/files" 2>/dev/null); do
mount_state "$path"
selinux_fixup "$path"
done
fi
fi
if mount | grep -q /var/lib/nfs/rpc_pipefs ; then
mount -t rpc_pipefs sunrpc /var/lib/nfs/rpc_pipefs
fi
fi
| Name | Type | Size | Permission | Actions |
|---|---|---|---|---|
| catalog | Folder | 0755 |
|
|
| ntp-units.d | Folder | 0755 |
|
|
| scripts | Folder | 0755 |
|
|
| system | Folder | 0755 |
|
|
| system-generators | Folder | 0755 |
|
|
| system-preset | Folder | 0755 |
|
|
| system-shutdown | Folder | 0755 |
|
|
| system-sleep | Folder | 0755 |
|
|
| user | Folder | 0755 |
|
|
| user-generators | Folder | 0755 |
|
|
| user-preset | Folder | 0755 |
|
|
| import-pubring.gpg | File | 9.33 KB | 0644 |
|
| rhel-autorelabel | File | 2.31 KB | 0755 |
|
| rhel-configure | File | 399 B | 0755 |
|
| rhel-dmesg | File | 110 B | 0755 |
|
| rhel-domainname | File | 158 B | 0755 |
|
| rhel-import-state | File | 1.03 KB | 0755 |
|
| rhel-loadmodules | File | 233 B | 0755 |
|
| rhel-readonly | File | 5.77 KB | 0755 |
|
| systemd | File | 1.56 MB | 0755 |
|
| systemd-ac-power | File | 23.41 KB | 0755 |
|
| systemd-activate | File | 68.52 KB | 0755 |
|
| systemd-backlight | File | 73.02 KB | 0755 |
|
| systemd-binfmt | File | 60.73 KB | 0755 |
|
| systemd-bootchart | File | 125.05 KB | 0755 |
|
| systemd-cgroups-agent | File | 35.91 KB | 0755 |
|
| systemd-coredump | File | 129.86 KB | 0755 |
|
| systemd-cryptsetup | File | 101.28 KB | 0755 |
|
| systemd-fsck | File | 331.23 KB | 0755 |
|
| systemd-hibernate-resume | File | 39.95 KB | 0755 |
|
| systemd-hostnamed | File | 367.16 KB | 0755 |
|
| systemd-importd | File | 367.75 KB | 0755 |
|
| systemd-initctl | File | 309.84 KB | 0755 |
|
| systemd-journald | File | 338.05 KB | 0755 |
|
| systemd-localed | File | 375.22 KB | 0755 |
|
| systemd-logind | File | 624.84 KB | 0755 |
|
| systemd-machine-id-commit | File | 52.19 KB | 0755 |
|
| systemd-machined | File | 482.01 KB | 0755 |
|
| systemd-modules-load | File | 64.8 KB | 0755 |
|
| systemd-pull | File | 183.14 KB | 0755 |
|
| systemd-quotacheck | File | 43.96 KB | 0755 |
|
| systemd-random-seed | File | 48.13 KB | 0755 |
|
| systemd-readahead | File | 97.51 KB | 0755 |
|
| systemd-remount-fs | File | 56.52 KB | 0755 |
|
| systemd-reply-password | File | 35.93 KB | 0755 |
|
| systemd-rfkill | File | 60.74 KB | 0755 |
|
| systemd-shutdown | File | 146.76 KB | 0755 |
|
| systemd-shutdownd | File | 64.52 KB | 0755 |
|
| systemd-sleep | File | 89.16 KB | 0755 |
|
| systemd-socket-proxyd | File | 105.52 KB | 0755 |
|
| systemd-sysctl | File | 64.83 KB | 0755 |
|
| systemd-sysv-install | File | 40.22 KB | 0755 |
|
| systemd-timedated | File | 375.91 KB | 0755 |
|
| systemd-udevd | File | 406.45 KB | 0755 |
|
| systemd-update-done | File | 44.07 KB | 0755 |
|
| systemd-update-utmp | File | 309.87 KB | 0755 |
|
| systemd-user-sessions | File | 44.16 KB | 0755 |
|
| systemd-vconsole-setup | File | 52.2 KB | 0755 |
|