kinit/run-init/runinitlib.c

/* ----------------------------------------------------------------------- *
 *
 *   Copyright 2004-2006 H. Peter Anvin - All Rights Reserved
 *
 *   Permission is hereby granted, free of charge, to any person
 *   obtaining a copy of this software and associated documentation
 *   files (the "Software"), to deal in the Software without
 *   restriction, including without limitation the rights to use,
 *   copy, modify, merge, publish, distribute, sublicense, and/or
 *   sell copies of the Software, and to permit persons to whom
 *   the Software is furnished to do so, subject to the following
 *   conditions:
 *
 *   The above copyright notice and this permission notice shall
 *   be included in all copies or substantial portions of the Software.
 *
 *   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
 *   EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
 *   OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 *   NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
 *   HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
 *   WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 *   FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
 *   OTHER DEALINGS IN THE SOFTWARE.
 *
 * ----------------------------------------------------------------------- */

/*
 * run_init(consoledev, realroot, init, initargs)
 *
 * This function should be called as the last thing in kinit,
 * from initramfs, it does the following:
 *
 * - Delete all files in the initramfs;
 * - Remounts /real-root onto the root filesystem;
 * - Chroots;
 * - Opens /dev/console;
 * - Spawns the specified init program (with arguments.)
 *
 * On failure, returns a human-readable error message.
 */

#include <assert.h>
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/vfs.h>
#include "run-init.h"

/* Make it possible to compile on glibc by including constants that the
   always-behind shipped glibc headers may not include.  Classic example
   on why the lack of ABI headers screw us up. */
#ifndef TMPFS_MAGIC
# define TMPFS_MAGIC	0x01021994
#endif
#ifndef RAMFS_MAGIC
# define RAMFS_MAGIC	0x858458f6
#endif
#ifndef MS_MOVE
# define MS_MOVE	8192
#endif

static int nuke(const char *what);

static int nuke_dirent(int len, const char *dir, const char *name, dev_t me)
{
	int bytes = len + strlen(name) + 2;
	char path[bytes];
	int xlen;
	struct stat st;

	xlen = snprintf(path, bytes, "%s/%s", dir, name);
	assert(xlen < bytes);

	if (lstat(path, &st))
		return ENOENT;	/* Return 0 since already gone? */

	if (st.st_dev != me)
		return 0;	/* DO NOT recurse down mount points!!!!! */

	return nuke(path);
}

/* Wipe the contents of a directory, but not the directory itself */
static int nuke_dir(const char *what)
{
	int len = strlen(what);
	DIR *dir;
	struct dirent *d;
	int err = 0;
	struct stat st;

	if (lstat(what, &st))
		return errno;

	if (!S_ISDIR(st.st_mode))
		return ENOTDIR;

	if (!(dir = opendir(what))) {
		/* EACCES means we can't read it.  Might be empty and removable;
		   if not, the rmdir() in nuke() will trigger an error. */
		return (errno == EACCES) ? 0 : errno;
	}

	while ((d = readdir(dir))) {
		/* Skip . and .. */
		if (d->d_name[0] == '.' &&
		    (d->d_name[1] == '\0' ||
		     (d->d_name[1] == '.' && d->d_name[2] == '\0')))
			continue;

		err = nuke_dirent(len, what, d->d_name, st.st_dev);
		if (err) {
			closedir(dir);
			return err;
		}
	}

	closedir(dir);

	return 0;
}

static int nuke(const char *what)
{
	int rv;
	int err = 0;

	rv = unlink(what);
	if (rv < 0) {
		if (errno == EISDIR) {
			/* It's a directory. */
			err = nuke_dir(what);
			if (!err)
				err = rmdir(what) ? errno : err;
		} else {
			err = errno;
		}
	}

	if (err) {
		errno = err;
		return err;
	} else {
		return 0;
	}
}

const char *run_init(const char *realroot, const char *console,
		     const char *init, char **initargs)
{
	struct stat rst, cst;
	struct statfs sfs;
	int confd;

	/* First, change to the new root directory */
	if (chdir(realroot))
		return "chdir to new root";

	/* This is a potentially highly destructive program.  Take some
	   extra precautions. */

	/* Make sure the current directory is not on the same filesystem
	   as the root directory */
	if (stat("/", &rst) || stat(".", &cst))
		return "stat";

	if (rst.st_dev == cst.st_dev)
		return "current directory on the same filesystem as the root";

	/* Make sure we're on a ramfs */
	if (statfs("/", &sfs))
		return "statfs /";
	if (sfs.f_type != RAMFS_MAGIC && sfs.f_type != TMPFS_MAGIC)
		return "rootfs not a ramfs or tmpfs";

	/* Okay, I think we should be safe... */

	/* Delete rootfs contents */
	if (nuke_dir("/"))
		return "nuking initramfs contents";

	/* Overmount the root */
	if (mount(".", "/", NULL, MS_MOVE, NULL))
		return "overmounting root";

	/* chroot, chdir */
	if (chroot(".") || chdir("/"))
		return "chroot";

	/* Open /dev/console */
	if ((confd = open(console, O_RDWR)) < 0)
		return "opening console";
	dup2(confd, 0);
	dup2(confd, 1);
	dup2(confd, 2);
	close(confd);

	/* Spawn init */
	execv(init, initargs);
	return init;		/* Failed to spawn init */
}
1	/* ----------------------------------------------------------------------- *
2	*
3	* Copyright 2004-2006 H. Peter Anvin - All Rights Reserved
4	*
5	* Permission is hereby granted, free of charge, to any person
6	* obtaining a copy of this software and associated documentation
7	* files (the "Software"), to deal in the Software without
8	* restriction, including without limitation the rights to use,
9	* copy, modify, merge, publish, distribute, sublicense, and/or
10	* sell copies of the Software, and to permit persons to whom
11	* the Software is furnished to do so, subject to the following
12	* conditions:
13	*
14	* The above copyright notice and this permission notice shall
15	* be included in all copies or substantial portions of the Software.
16	*
17	* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18	* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
19	* OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
20	* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT
21	* HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY,
22	* WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
23	* FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
24	* OTHER DEALINGS IN THE SOFTWARE.
25	*
26	* ----------------------------------------------------------------------- */
27
28	/*
29	* run_init(consoledev, realroot, init, initargs)
30	*
31	* This function should be called as the last thing in kinit,
32	* from initramfs, it does the following:
33	*
34	* - Delete all files in the initramfs;
35	* - Remounts /real-root onto the root filesystem;
36	* - Chroots;
37	* - Opens /dev/console;
38	* - Spawns the specified init program (with arguments.)
39	*
40	* On failure, returns a human-readable error message.
41	*/
42
43	#include <assert.h>
44	#include <dirent.h>
45	#include <errno.h>
46	#include <fcntl.h>
47	#include <string.h>
48	#include <stdlib.h>
49	#include <stdio.h>
50	#include <unistd.h>
51	#include <sys/mount.h>
52	#include <sys/stat.h>
53	#include <sys/types.h>
54	#include <sys/vfs.h>
55	#include "run-init.h"
56
57	/* Make it possible to compile on glibc by including constants that the
58	always-behind shipped glibc headers may not include. Classic example
59	on why the lack of ABI headers screw us up. */
60	#ifndef TMPFS_MAGIC
61	# define TMPFS_MAGIC 0x01021994
62	#endif
63	#ifndef RAMFS_MAGIC
64	# define RAMFS_MAGIC 0x858458f6
65	#endif
66	#ifndef MS_MOVE
67	# define MS_MOVE 8192
68	#endif
69
70	static int nuke(const char *what);
71
72	static int nuke_dirent(int len, const char dir, const char name, dev_t me)
73	{
74	int bytes = len + strlen(name) + 2;
75	char path[bytes];
76	int xlen;
77	struct stat st;
78
79	xlen = snprintf(path, bytes, "%s/%s", dir, name);
80	assert(xlen < bytes);
81
82	if (lstat(path, &st))
83	return ENOENT; /* Return 0 since already gone? */
84
85	if (st.st_dev != me)
86	return 0; /* DO NOT recurse down mount points!!!!! */
87
88	return nuke(path);
89	}
90
91	/* Wipe the contents of a directory, but not the directory itself */
92	static int nuke_dir(const char *what)
93	{
94	int len = strlen(what);
95	DIR *dir;
96	struct dirent *d;
97	int err = 0;
98	struct stat st;
99
100	if (lstat(what, &st))
101	return errno;
102
103	if (!S_ISDIR(st.st_mode))
104	return ENOTDIR;
105
106	if (!(dir = opendir(what))) {
107	/* EACCES means we can't read it. Might be empty and removable;
108	if not, the rmdir() in nuke() will trigger an error. */
109	return (errno == EACCES) ? 0 : errno;
110	}
111
112	while ((d = readdir(dir))) {
113	/* Skip . and .. */
114	if (d->d_name[0] == '.' &&
115	(d->d_name[1] == '\0' \|\|
116	(d->d_name[1] == '.' && d->d_name[2] == '\0')))
117	continue;
118
119	err = nuke_dirent(len, what, d->d_name, st.st_dev);
120	if (err) {
121	closedir(dir);
122	return err;
123	}
124	}
125
126	closedir(dir);
127
128	return 0;
129	}
130
131	static int nuke(const char *what)
132	{
133	int rv;
134	int err = 0;
135
136	rv = unlink(what);
137	if (rv < 0) {
138	if (errno == EISDIR) {
139	/* It's a directory. */
140	err = nuke_dir(what);
141	if (!err)
142	err = rmdir(what) ? errno : err;
143	} else {
144	err = errno;
145	}
146	}
147
148	if (err) {
149	errno = err;
150	return err;
151	} else {
152	return 0;
153	}
154	}
155
156	const char run_init(const char realroot, const char *console,
157	const char init, char *initargs)
158	{
159	struct stat rst, cst;
160	struct statfs sfs;
161	int confd;
162
163	/* First, change to the new root directory */
164	if (chdir(realroot))
165	return "chdir to new root";
166
167	/* This is a potentially highly destructive program. Take some
168	extra precautions. */
169
170	/* Make sure the current directory is not on the same filesystem
171	as the root directory */
172	if (stat("/", &rst) \|\| stat(".", &cst))
173	return "stat";
174
175	if (rst.st_dev == cst.st_dev)
176	return "current directory on the same filesystem as the root";
177
178	/* Make sure we're on a ramfs */
179	if (statfs("/", &sfs))
180	return "statfs /";
181	if (sfs.f_type != RAMFS_MAGIC && sfs.f_type != TMPFS_MAGIC)
182	return "rootfs not a ramfs or tmpfs";
183
184	/* Okay, I think we should be safe... */
185
186	/* Delete rootfs contents */
187	if (nuke_dir("/"))
188	return "nuking initramfs contents";
189
190	/* Overmount the root */
191	if (mount(".", "/", NULL, MS_MOVE, NULL))
192	return "overmounting root";
193
194	/* chroot, chdir */
195	if (chroot(".") \|\| chdir("/"))
196	return "chroot";
197
198	/* Open /dev/console */
199	if ((confd = open(console, O_RDWR)) < 0)
200	return "opening console";
201	dup2(confd, 0);
202	dup2(confd, 1);
203	dup2(confd, 2);
204	close(confd);
205
206	/* Spawn init */
207	execv(init, initargs);
208	return init; /* Failed to spawn init */
209	}