#ident "$Id: run-init.c,v 1.8 2005/01/01 22:34:34 hpa Exp $"
/* ----------------------------------------------------------------------- *
 *   
 *   Copyright 2004 H. Peter Anvin - All Rights Reserved
 *
 *   Permission is hereby granted, free of charge, to any person
 *   obtaining a copy of this software and associated documentation
 *   files (the "Software"), to deal in the Software without
 *   restriction, including without limitation the rights to use,
 *   copy, modify, merge, publish, distribute, sublicense, and/or
 *   sell copies of the Software, and to permit persons to whom
 *   the Software is furnished to do so, subject to the following
 *   conditions:
 *   
 *   The above copyright notice and this permission notice shall
 *   be included in all copies or substantial portions of the Software.
 *   
 *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
 *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 *   OTHER DEALINGS IN THE SOFTWARE.
 *
 * ----------------------------------------------------------------------- */

/*
 * run-init.c
 *
 * Usage: exec run-init [-c /dev/console] /real-root /sbin/init "$@"
 *
 * This program should be called as the last thing in a shell script
 * acting as /init in an initramfs; it does the following:
 *
 * - Delete all files in the initramfs;
 * - Remounts /real-root onto the root filesystem;
 * - Chroots;
 * - Opens /dev/console;
 * - Spawns the specified init program (with arguments.)
 */

#include <alloca.h>
#include <assert.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/vfs.h>

/* Make it possible to compile on glibc by including constants that the
   always-behind shipped glibc headers may not include.  Classic example
   on why the lack of ABI headers screw us up. */
#ifndef TMPFS_MAGIC
# define TMPFS_MAGIC	0x01021994
#endif
#ifndef RAMFS_MAGIC
# define RAMFS_MAGIC	0x858458f6
#endif
#ifndef MS_MOVE
# define MS_MOVE	8192
#endif

static const char *program;

static void __attribute__((noreturn)) die(const char *msg)
{
  fprintf(stderr, "%s: %s: %s\n", program, msg, strerror(errno));
  exit(1);
}

static int nuke(const char *what);

static int nuke_dirent(int len, const char *dir, const char *name, dev_t me)
{
  int bytes = len+strlen(name)+2;
  char path[bytes];
  int xlen;
  struct stat st;

  xlen = snprintf(path, bytes, "%s/%s", dir, name);
  assert(xlen < bytes);

  if ( lstat(path, &st) )
    return ENOENT;		/* Return 0 since already gone? */

  if ( st.st_dev != me )
    return 0;			/* DO NOT recurse down mount points!!!!! */

  return nuke(path);
}

/* Wipe the contents of a directory, but not the directory itself */
static int nuke_dir(const char *what)
{
  int len = strlen(what);
  DIR *dir;
  struct dirent *d;
  int err = 0;
  struct stat st;

  if ( lstat(what, &st) )
    return errno;
  
  if ( !S_ISDIR(st.st_mode) )
    return ENOTDIR;

  if ( !(dir = opendir(what)) ) {
    /* EACCES means we can't read it.  Might be empty and removable;
       if not, the rmdir() in nuke() will trigger an error. */
    return (errno == EACCES) ? 0 : errno;
  }
  
  while ( (d = readdir(dir)) ) {
    /* Skip . and .. */
    if ( d->d_name[0] == '.' &&
	 (d->d_name[1] == '\0' ||
	  (d->d_name[1] == '.' && d->d_name[2] == '\0')) )
      continue;
    
    err = nuke_dirent(len, what, d->d_name, st.st_dev);
    if ( err ) {
      closedir(dir);
      return err;
    }
  }
  
  closedir(dir);

  return 0;
}

static int nuke(const char *what)
{
  int rv;
  int err = 0;

  rv = unlink(what);
  if ( rv < 0 ) {
    if ( errno == EISDIR ) {
      /* It's a directory. */
      err = nuke_dir(what);
      if ( !err ) err = rmdir(what) ? errno : err;
    } else {
      err = errno;
    }
  }

  if ( err ) {
    errno = err;
    die(what);
  } else {
    return 0;
  }
}


static void __attribute__((noreturn)) usage(void)
{
  fprintf(stderr, "Usage: exec %s [-c consoledev] /real-root /sbin/init [args]\n", program);
  exit(1);
}


int main(int argc, char *argv[])
{
  struct stat   rst, cst, ist;
  struct statfs sfs;
  int o;
  int confd;

  /* Command-line options and defaults */
  const char *console = "/dev/console";
  const char *realroot;
  const char *init;
  char **initargs;

  /* First, parse the command line */
  program = argv[0];

  while ( (o = getopt(argc, argv, "c:")) != -1 ) {
    if ( o == 'c' ) {
      console = optarg;
    } else {
      usage();
    }
  }

  if ( argc-optind < 2 )
    usage();

  realroot = argv[optind];
  init     = argv[optind+1];
  initargs = argv+optind+1;

  /* First, change to the new root directory */
  if ( chdir(realroot) )
    die("chdir to new root");

  /* This is a potentially highly destructive program.  Take some
     extra precautions. */

  /* Make sure the current directory is not on the same filesystem
     as the root directory */
  if ( stat("/", &rst) || stat(".", &cst) )
    die("stat");

  if ( rst.st_dev == cst.st_dev )
    die("current directory on the same filesystem as the root");
  
  /* The initramfs should have /init */
  if ( stat("/init", &ist) || !S_ISREG(ist.st_mode) )
    die("can't find /init on initramfs");

  /* Make sure we're on a ramfs */
  if ( statfs("/", &sfs) )
    die("statfs /");
  if ( sfs.f_type != RAMFS_MAGIC && sfs.f_type != TMPFS_MAGIC )
    die("rootfs not a ramfs or tmpfs");

  /* Okay, I think we should be safe... */

  /* Delete rootfs contents */
  if ( nuke_dir("/") )
    die("nuking initramfs contents");

  /* Overmount the root */
  if ( mount(".", "/", NULL, MS_MOVE, NULL) )
    die("overmounting root");
  
  /* chroot, chdir */
  if ( chroot(".") || chdir("/") )
    die("chroot");

  /* Open /dev/console */
  if ( (confd = open(console, O_RDWR)) < 0 )
    die("opening console");
  dup2(confd, 0);
  dup2(confd, 1);
  dup2(confd, 2);
  close(confd);

  /* Spawn init */
  execv(init, initargs);
  die(init);			/* Failed to spawn init */
}