Tuned initrd image and pseudo environment to fix bugs with extended

security attributes.

Bug-AGL: SPEC-259

Change-Id: I44499ce3f5f1924aecf63689a93d1f20e779225e
Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com>

2 files changed, 103 insertions, 0 deletions

diff --git a/recipes-sota/ostree-initrd/files/init.sh b/recipes-sota/ostree-initrd/files/init.sh
new file mode 100644
index 0000000..5aa99d6
--- /dev/null
+++ b/recipes-sota/ostree-initrd/files/init.sh
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+# global variables
+
+SMACK=n
+DEBUG=n
+
+# -------------------------------------------
+
+log_info() { echo "$0[$$]: $@" >&2; }
+log_error() { echo "$0[$$]: ERROR $@" >&2; }
+
+do_mount_fs() {
+        log_info "mounting FS: $@"
+        [[ -e /proc/filesystems ]] && { grep -q "$1" /proc/filesystems || { log_error "Unknown filesystem"; return 1; } }
+        [[ -d "$2" ]] || mkdir -p "$2"
+        [[ -e /proc/mounts ]] && { grep -q -e "^$1 $2 $1" /proc/mounts && { log_info "$2 ($1) already mounted"; return 0; } }
+        mount -t "$1" "$1" "$2"
+}
+
+bail_out() {
+        log_error "$@"
+        log_info "Rebooting..."
+        #exec reboot -f
+        exec sh
+}
+
+get_ostree_sysroot() {
+        for opt in `cat /proc/cmdline`; do
+                arg=`echo $opt | cut -d'=' -f1`
+                if [ $arg == "ostree_root" ]; then
+                        echo $opt | cut -d'=' -f2
+                        return
+                fi
+        done
+}
+
+export PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+log_info "starting initrd script"
+
+do_mount_fs proc /proc
+do_mount_fs sysfs /sys
+do_mount_fs devtmpfs /dev
+do_mount_fs devpts /dev/pts
+do_mount_fs tmpfs /dev/shm
+do_mount_fs tmpfs /tmp
+do_mount_fs tmpfs /run
+
+# check if smack is active (and if so, mount smackfs)
+grep -q smackfs /proc/filesystems && {
+        SMACK=y
+
+        do_mount_fs smackfs /sys/fs/smackfs
+
+        # adjust current label and network label
+        echo System >/proc/self/attr/current
+        echo System >/sys/fs/smackfs/ambient
+}
+
+mkdir -p /sysroot
+ostree_sysroot=$(get_ostree_sysroot)
+
+mount $ostree_sysroot /sysroot || bail_out "Unable to mount $ostree_sysroot as physical sysroot"
+ostree-prepare-root /sysroot
+
+# move mounted devices to new root
+cd /sysroot
+for x in dev proc; do
+        log_info "Moving /$x to new rootfs"
+        mount -o move /$x $x
+done
+
+# switch to new rootfs
+log_info "Switching to new rootfs"
+mkdir -p run/initramfs
+
+pivot_root . run/initramfs || bail_out "pivot_root failed."
+
+log_info "Launching target init"
+
+exec chroot . sh -c 'umount /run/initramfs; exec /sbin/init' \
+          <dev/console >dev/console 2>&1
+
diff --git a/recipes-sota/ostree-initrd/ostree-initrd.bb b/recipes-sota/ostree-initrd/ostree-initrd.bb
new file mode 100644
index 0000000..5c85bee
--- /dev/null
+++ b/recipes-sota/ostree-initrd/ostree-initrd.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Extremely basic live image init script"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+SRC_URI = "file://init.sh"
+
+S = "${WORKDIR}"
+
+do_install() {
+        install -dm 0755 ${D}/etc
+        touch ${D}/etc/initrd-release
+        install -dm 0755 ${D}/dev
+        install -dm 0755 ${D}/sbin
+        install -m 0755 ${WORKDIR}/init.sh ${D}/sbin/init
+}
+
+inherit allarch
+
+FILES_${PN} += " /dev /etc/initrd-release /sbin/init "
+