| #ident "$Id: run-init.c,v 1.8 2005/01/01 22:34:34 hpa Exp $" |
| /* ----------------------------------------------------------------------- * |
| * |
| * Copyright 2004 H. Peter Anvin - All Rights Reserved |
| * |
| * Permission is hereby granted, free of charge, to any person |
| * obtaining a copy of this software and associated documentation |
| * files (the "Software"), to deal in the Software without |
| * restriction, including without limitation the rights to use, |
| * copy, modify, merge, publish, distribute, sublicense, and/or |
| * sell copies of the Software, and to permit persons to whom |
| * the Software is furnished to do so, subject to the following |
| * conditions: |
| * |
| * The above copyright notice and this permission notice shall |
| * be included in all copies or substantial portions of the Software. |
| * |
| * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, |
| * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES |
| * OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND |
| * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT |
| * HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, |
| * WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING |
| * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR |
| * OTHER DEALINGS IN THE SOFTWARE. |
| * |
| * ----------------------------------------------------------------------- */ |
| |
| /* |
| * run-init.c |
| * |
| * Usage: exec run-init [-c /dev/console] /real-root /sbin/init "$@" |
| * |
| * This program should be called as the last thing in a shell script |
| * acting as /init in an initramfs; it does the following: |
| * |
| * - Delete all files in the initramfs; |
| * - Remounts /real-root onto the root filesystem; |
| * - Chroots; |
| * - Opens /dev/console; |
| * - Spawns the specified init program (with arguments.) |
| */ |
| |
| #include <alloca.h> |
| #include <assert.h> |
| #include <dirent.h> |
| #include <errno.h> |
| #include <fcntl.h> |
| #include <string.h> |
| #include <stdlib.h> |
| #include <stdio.h> |
| #include <unistd.h> |
| #include <sys/mount.h> |
| #include <sys/stat.h> |
| #include <sys/types.h> |
| #include <sys/vfs.h> |
| |
| /* Make it possible to compile on glibc by including constants that the |
| always-behind shipped glibc headers may not include. Classic example |
| on why the lack of ABI headers screw us up. */ |
| #ifndef TMPFS_MAGIC |
| # define TMPFS_MAGIC 0x01021994 |
| #endif |
| #ifndef RAMFS_MAGIC |
| # define RAMFS_MAGIC 0x858458f6 |
| #endif |
| #ifndef MS_MOVE |
| # define MS_MOVE 8192 |
| #endif |
| |
| static const char *program; |
| |
| static void __attribute__((noreturn)) die(const char *msg) |
| { |
| fprintf(stderr, "%s: %s: %s\n", program, msg, strerror(errno)); |
| exit(1); |
| } |
| |
| static int nuke(const char *what); |
| |
| static int nuke_dirent(int len, const char *dir, const char *name, dev_t me) |
| { |
| int bytes = len+strlen(name)+2; |
| char path[bytes]; |
| int xlen; |
| struct stat st; |
| |
| xlen = snprintf(path, bytes, "%s/%s", dir, name); |
| assert(xlen < bytes); |
| |
| if ( lstat(path, &st) ) |
| return ENOENT; /* Return 0 since already gone? */ |
| |
| if ( st.st_dev != me ) |
| return 0; /* DO NOT recurse down mount points!!!!! */ |
| |
| return nuke(path); |
| } |
| |
| /* Wipe the contents of a directory, but not the directory itself */ |
| static int nuke_dir(const char *what) |
| { |
| int len = strlen(what); |
| DIR *dir; |
| struct dirent *d; |
| int err = 0; |
| struct stat st; |
| |
| if ( lstat(what, &st) ) |
| return errno; |
| |
| if ( !S_ISDIR(st.st_mode) ) |
| return ENOTDIR; |
| |
| if ( !(dir = opendir(what)) ) { |
| /* EACCES means we can't read it. Might be empty and removable; |
| if not, the rmdir() in nuke() will trigger an error. */ |
| return (errno == EACCES) ? 0 : errno; |
| } |
| |
| while ( (d = readdir(dir)) ) { |
| /* Skip . and .. */ |
| if ( d->d_name[0] == '.' && |
| (d->d_name[1] == '\0' || |
| (d->d_name[1] == '.' && d->d_name[2] == '\0')) ) |
| continue; |
| |
| err = nuke_dirent(len, what, d->d_name, st.st_dev); |
| if ( err ) { |
| closedir(dir); |
| return err; |
| } |
| } |
| |
| closedir(dir); |
| |
| return 0; |
| } |
| |
| static int nuke(const char *what) |
| { |
| int rv; |
| int err = 0; |
| |
| rv = unlink(what); |
| if ( rv < 0 ) { |
| if ( errno == EISDIR ) { |
| /* It's a directory. */ |
| err = nuke_dir(what); |
| if ( !err ) err = rmdir(what) ? errno : err; |
| } else { |
| err = errno; |
| } |
| } |
| |
| if ( err ) { |
| errno = err; |
| die(what); |
| } else { |
| return 0; |
| } |
| } |
| |
| |
| static void __attribute__((noreturn)) usage(void) |
| { |
| fprintf(stderr, "Usage: exec %s [-c consoledev] /real-root /sbin/init [args]\n", program); |
| exit(1); |
| } |
| |
| |
| int main(int argc, char *argv[]) |
| { |
| struct stat rst, cst, ist; |
| struct statfs sfs; |
| int o; |
| int confd; |
| |
| /* Command-line options and defaults */ |
| const char *console = "/dev/console"; |
| const char *realroot; |
| const char *init; |
| char **initargs; |
| |
| /* First, parse the command line */ |
| program = argv[0]; |
| |
| while ( (o = getopt(argc, argv, "c:")) != -1 ) { |
| if ( o == 'c' ) { |
| console = optarg; |
| } else { |
| usage(); |
| } |
| } |
| |
| if ( argc-optind < 2 ) |
| usage(); |
| |
| realroot = argv[optind]; |
| init = argv[optind+1]; |
| initargs = argv+optind+1; |
| |
| /* First, change to the new root directory */ |
| if ( chdir(realroot) ) |
| die("chdir to new root"); |
| |
| /* This is a potentially highly destructive program. Take some |
| extra precautions. */ |
| |
| /* Make sure the current directory is not on the same filesystem |
| as the root directory */ |
| if ( stat("/", &rst) || stat(".", &cst) ) |
| die("stat"); |
| |
| if ( rst.st_dev == cst.st_dev ) |
| die("current directory on the same filesystem as the root"); |
| |
| /* The initramfs should have /init */ |
| if ( stat("/init", &ist) || !S_ISREG(ist.st_mode) ) |
| die("can't find /init on initramfs"); |
| |
| /* Make sure we're on a ramfs */ |
| if ( statfs("/", &sfs) ) |
| die("statfs /"); |
| if ( sfs.f_type != RAMFS_MAGIC && sfs.f_type != TMPFS_MAGIC ) |
| die("rootfs not a ramfs or tmpfs"); |
| |
| /* Okay, I think we should be safe... */ |
| |
| /* Delete rootfs contents */ |
| if ( nuke_dir("/") ) |
| die("nuking initramfs contents"); |
| |
| /* Overmount the root */ |
| if ( mount(".", "/", NULL, MS_MOVE, NULL) ) |
| die("overmounting root"); |
| |
| /* chroot, chdir */ |
| if ( chroot(".") || chdir("/") ) |
| die("chroot"); |
| |
| /* Open /dev/console */ |
| if ( (confd = open(console, O_RDWR)) < 0 ) |
| die("opening console"); |
| dup2(confd, 0); |
| dup2(confd, 1); |
| dup2(confd, 2); |
| close(confd); |
| |
| /* Spawn init */ |
| execv(init, initargs); |
| die(init); /* Failed to spawn init */ |
| } |