user rle...@debian.org usertag 620191 run-transition usertag 620157 run-transition severity 620191 important severity 620157 important block 620191 by 620157
On Fri, Apr 01, 2011 at 06:01:55PM +0100, Roger Leigh wrote: > On Fri, Apr 01, 2011 at 05:42:53PM +0100, Roger Leigh wrote: > > On Fri, Apr 01, 2011 at 04:19:03PM +0100, Roger Leigh wrote: > > > On Fri, Apr 01, 2011 at 03:11:18PM +0100, Roger Leigh wrote: > > > > On Fri, Apr 01, 2011 at 02:18:11PM +0100, Roger Leigh wrote: > > > > > On Thu, Mar 31, 2011 at 06:55:16PM +0100, Roger Leigh wrote: > > > > > > On Wed, Mar 30, 2011 at 11:00:57PM +0100, Roger Leigh wrote: > > > > > > > The attached patch contains a detailed changelog of the changes, > > > > > > > so > > > > > > > I won't repeat it here verbatim. Outstanding issues are marked > > > > > > > TODO, and may require further discussion to resolve them. > > > > > > > > > > > > Updated patch attached. Handles upgrades and reboots; other than > > > > > > the one outstanding TODO item (transition of /lib/init/rw from > > > > > > directory to symlink, probably something we can leave until after > > > > > > squeeze). > > > > > > > > > > Updated patch attached. This one has been tested in a VM, and will > > > > > allow a machine to boot and transition to /run safely. > > > > > > > > > > Minor outstanding issue: > > > > > /etc/init.d/mountall.sh fails. This is due to (apparently) / and > > > > > /proc > > > > > already being mounted, leading to a 32 exit status. Maybe an mtab > > > > > issue? > > > > > > > > > > In order to work properly with bind mounts on freebsd kernels, I've > > > > > synched domount and domtab logic so that they behave identically. > > > > > However, I'm seeing some odd double bind mounts in /proc/mounts > > > > > and an incomplete /etc/mtab, so there's possibly something not quite > > > > > right here. > > > > > > > > > > Apart from this one issue, everything else is working fully. > > > > > > > > Updated patch attached. This fixes the above outstanding issues. > > > > It should now be safe for general testing and use. > > > > > > > > Note: needs versioned base-files dependency adding. > > > > > > Updated patch attached; adds kfreebsd support to initscripts postinst. > > > > Updated postinst following feedback on #debian-devel: > > - use uname rather than dpkg --print-architecture > > - simplify conditional logic > > Updated to > - not enable RAMLOCK by default (though doing so removes a DoS we > are currently vulnerable to even with traditional /var) > - only use new paths in sendsigs > Thanks to mbiebl for this review. Sorry for the patch flood. Final (hopefully) patch attached following some further discussion on #debian-devel. Note: versioned base-files dependency may require tweaking; waiting on base-files upload. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
Index: debian/control
===================================================================
--- debian/control (revision 1953)
+++ debian/control (working copy)
@@ -51,7 +51,7 @@
Package: initscripts
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, ${mount:Depends}, debianutils (>= 2.13.1), lsb-base (>= 3.2-14), sysvinit-utils (>= 2.86.ds1-64), sysv-rc | file-rc, coreutils (>= 5.93)
+Depends: ${shlibs:Depends}, ${misc:Depends}, ${mount:Depends}, base-files (>= 6.2), debianutils (>= 2.13.1), lsb-base (>= 3.2-14), sysvinit-utils (>= 2.86.ds1-64), sysv-rc | file-rc, coreutils (>= 5.93)
Recommends: psmisc, e2fsprogs
Conflicts: libdevmapper1.02.1 (<< 2:1.02.24-1)
Replaces: libc6, libc6.1, libc0.1, libc0.3
Index: debian/src/initscripts/share/default.rcS
===================================================================
--- debian/src/initscripts/share/default.rcS (revision 1953)
+++ debian/src/initscripts/share/default.rcS (working copy)
@@ -13,5 +13,4 @@
UTC=yes
VERBOSE=no
FSCKFIX=no
-RAMRUN=no
RAMLOCK=no
Index: debian/src/initscripts/doc/README.Debian
===================================================================
--- debian/src/initscripts/doc/README.Debian (revision 1953)
+++ debian/src/initscripts/doc/README.Debian (working copy)
@@ -4,15 +4,14 @@
Tmpfs can be used as virtual memory filesystem. glibc 2.2 and above
expects a tmpfs to be mounted at /dev/shm for POSIX shared memory,
this is done automatically by /etc/init.d/mountdevsubfs.sh early in
-the boot process. You can limit tmpfs max size by setting the
-SHM_SIZE variable to a desired size in the /etc/default/tmpfs file
-to prevent tmpfs from using up all system memory.
+the boot process. You can limit tmpfs max size by setting the SHM_SIZE
+variable to a desired size in the /etc/default/tmpfs file to prevent
+tmpfs from using up all system memory.
-A tmpfs can also be mounted over /var/run/ and /var/lock/. This can
-be achieved by setting the RAMRUN and RAMLOCK variables to "yes" in
-the /etc/default/rcS file. A size limit for the tmpfs filesystem
-mounted over /var/run/ and /var/lock/ can be set via the RUN_SIZE
-and LOCK_SIZE variables in the /etc/default/tmpfs file.
+A size limit for the tmpfs filesystem mounted over /run can be set via
+the RUN_SIZE variable in the /etc/default/tmpfs file. Likewise, a
+size limit for the tmpfs filesystem mounted over /run/lock can be set
+via the LOCK_SIZE variable (if enabled with RAMLOCK=yes).
If TMPFS_SIZE is set in /etc/default/tmpfs, it will be used as the
default value for SHM_SIZE, RUN_SIZE and LOCK_SIZE. Otherwise, kernel
@@ -22,19 +21,21 @@
sendsigs process omission interface
-----------------------------------
-Since initscripts package version 2.86.ds1-48, /etc/init.d/sendsigs
-is able to omit processes from being killed by killall5(8). Process
-id's listed in /var/run/sendsigs.omit, /lib/init/rw/sendsigs.omit or
-any file in the /lib/init/rw/sendsigs.omit.d/ directory will be
-omitted by sendsigs.
+Since initscripts package version 2.86.ds1-48, /etc/init.d/sendsigs is
+able to omit processes from being killed by killall5(8). Process id's
+listed in /run/sendsigs.omit, /lib/init/rw/sendsigs.omit or any file
+in the /run/sendsigs.omit.d/ or /lib/init/rw/sendsigs.omit.d/
+directories will be omitted by sendsigs. Note use of /lib/init/rw is
+deprecated and will be removed; users of /lib/init/rw must migrate to
+/run.
-The recommended practise for adding a process id for omission is to
-create a file in /lib/init/rw/sendsigs.omit.d/<package name>
-containing the process id that is to be omitted by sendsigs.
+The recommended practice for adding a process id for omission is to
+create a file in /run/sendsigs.omit.d/<package name> containing the
+process id that is to be omitted by sendsigs.
-This feature is only to be used for processes that need to be
-running when remote file systems are umounted, and that have
-current working directory set to a directory in the root file system.
+This feature is only to be used for processes that need to be running
+when remote file systems are umounted, and that have current working
+directory set to a directory in the root file system.
/sys in /etc/fstab
Index: debian/src/initscripts/lib/init/bootclean.sh
===================================================================
--- debian/src/initscripts/lib/init/bootclean.sh (revision 1953)
+++ debian/src/initscripts/lib/init/bootclean.sh (working copy)
@@ -112,7 +112,7 @@
}
clean_lock() {
- if [ yes = "$RAMLOCK" ] ; then
+ if [ -f /var/lock/.ramfs ] ; then
return 0
fi
@@ -136,7 +136,7 @@
}
clean_run() {
- if [ yes = "$RAMRUN" ] ; then
+ if [ -f /var/run/.ramfs ] ; then
return 0
fi
Index: debian/src/initscripts/lib/init/mount-functions.sh
===================================================================
--- debian/src/initscripts/lib/init/mount-functions.sh (revision 1953)
+++ debian/src/initscripts/lib/init/mount-functions.sh (working copy)
@@ -21,8 +21,8 @@
which selinuxenabled >/dev/null 2>&1 && selinuxenabled
}
-
# Called before mtab is writable to mount kernel and device file systems.
+# Note any changes here must also be made in domtab in mtab.sh.
# $1: file system type
# $2: alternative file system type (or empty string if none)
# $3: mount point
@@ -33,6 +33,7 @@
KERNEL="$(uname -s)"
# Figure out filesystem type
FSTYPE=
+ OPTS=
if [ "$1" = proc ]
then
case "$KERNEL" in
@@ -40,8 +41,15 @@
*FreeBSD) FSTYPE=linprocfs ;;
*) FSTYPE=procfs ;;
esac
+ elif [ "$1" = bind ]
+ then
+ case "$KERNEL" in
+ Linux|GNU) FSTYPE=$4; OPTS="-obind" ;;
+ *FreeBSD) FSTYPE=nullfs ;;
+ *) FSTYPE=none ;;
+ esac
elif [ "$1" = tmpfs ]
- then # always accept tmpfs, to mount /lib/init/rw before /proc
+ then # always accept tmpfs, to mount /run before /proc
FSTYPE=$1
elif grep -E -qs "$1\$" /proc/filesystems
then
@@ -71,14 +79,13 @@
fi
# Get the options from /etc/fstab.
- OPTS=
if [ -f /etc/fstab ]
then
exec 9<&0 </etc/fstab
while read TAB_DEV TAB_MTPT TAB_FSTYPE TAB_OPTS TAB_REST
do
- case "$TAB_DEV" in (""|\#*) continue ;; esac
+ case "$TAB_DEV" in ""|\#*) continue ;; esac
[ "$MTPT" = "$TAB_MTPT" ] || continue
[ "$FSTYPE" = "$TAB_FSTYPE" ] || continue
case "$TAB_OPTS" in
@@ -87,7 +94,7 @@
return
;;
?*)
- OPTS="-o$TAB_OPTS"
+ OPTS="$OPTS -o$TAB_OPTS"
;;
esac
break
@@ -121,45 +128,69 @@
#
pre_mountall ()
{
- # We may end up mounting something over top of /var, either directly
- # or because /var is a symlink to something that's mounted. So keep
- # copies of the /var/run and /var/lock mounts elsewhere on the root
- # filesystem so they can be moved back.
- if [ yes = "$RAMRUN" ] ; then
- mkdir /lib/init/rw/var.run
- mount -n --bind /var/run /lib/init/rw/var.run
- fi
- if [ yes = "$RAMLOCK" ] ; then
- mkdir /lib/init/rw/var.lock
- mount -n --bind /var/lock /lib/init/rw/var.lock
- fi
+ # RAMRUN and RAMLOCK on /var/run and /var/lock are obsoleted by
+ # /run. Note that while RAMRUN is no longer used (/run is always
+ # a tmpfs), RAMLOCK is still functional, but will cause a second
+ # tmpfs to be mounted on /run/lock.
+ :
}
#
-# Restore /var/run and /var/lock mountpoints if something was mounted
-# as /var/. Avoid mounting them back over themselves if nothing was
-# mounted as /var/ by checking if /var/run/ and /var/lock/ are still
-# mount points. Enabling RAMRUN and RAMLOCK while listing /var/run or
-# /var/lock in /etc/fstab is not supported.
+# Migrate a directory to /run and create compatibility symlink or bind
+# mount.
#
-post_mountall ()
+run_migrate ()
{
- if [ yes = "$RAMRUN" ] ; then
- [ -d /var/run ] || mkdir /var/run
- if mountpoint -q /var/run ; then
- umount /lib/init/rw/var.run
- else
- mount -n --move /lib/init/rw/var.run /var/run
- fi
- rmdir /lib/init/rw/var.run
+ OLD=$1
+ RUN=$2
+
+ KERNEL="$(uname -s)"
+ OPTS=""
+ case "$KERNEL" in
+ Linux|GNU) FSTYPE=none OPTS="-obind";;
+ *FreeBSD) FSTYPE=nullfs ;;
+ *) FSTYPE=none ;;
+ esac
+
+ # Try to remove if a directory. Note this is safe because the
+ # system is not yet fully up, and nothing is allowed to use
+ # them yet. If the user explicitly mounted a filesystem here,
+ # it will be cleaned out, but this would happen later on when
+ # bootclean runs in any case.
+ if [ ! -L "$OLD" ] && [ -d "$OLD" ] ; then
+ rm -fr "$OLD" 2>/dev/null || true
fi
- if [ yes = "$RAMLOCK" ] ; then
- [ -d /var/lock ] || mkdir /var/lock
- if mountpoint -q /var/lock ; then
- umount /lib/init/rw/var.lock
+
+ # If removal failed (directory still exists), set up bind mount.
+ if [ ! -L "$OLD" ] && [ -d "$OLD" ] ; then
+ mount -t $FSTYPE "$RUN" "$OLD" -orw $OPTS
+ else
+ # Create symlink if not already present.
+ if [ -L "$OLD" ] && [ "$(readlink "$OLD")" = "$RUN" ]; then
+ :
else
- mount -n --move /lib/init/rw/var.lock /var/lock
+ ln -fs "$RUN" "$OLD"
fi
- rmdir /lib/init/rw/var.lock
fi
}
+
+#
+# For compatibility, create /var/run and /var/lock symlinks to /run
+# and /run/lock, respectively.
+#
+post_mountall ()
+{
+ # /var/run and /var/lock are now /run and /run/lock,
+ # respectively. Cope with filesystems being deliberately
+ # mounted on /var/run and /var/lock. We will create bind
+ # mounts from /run and /run/lock to /var/run and /var/lock if
+ # we can't remove the /var/run and /var/lock directories, or
+ # else simply create symlinks. For example, in the case that
+ # the user has explicitly mounted filesystems on /var/run or
+ # /var/lock, we bind mount over the top of them. Where no
+ # filesystems are mounted, we replace the directory with a
+ # symlink where possible.
+
+ run_migrate /var/run /run
+ run_migrate /var/lock /run/lock
+}
Index: debian/src/initscripts/etc/default/tmpfs
===================================================================
--- debian/src/initscripts/etc/default/tmpfs (revision 1953)
+++ debian/src/initscripts/etc/default/tmpfs (working copy)
@@ -1,6 +1,19 @@
+# TMPFS_SIZE sets the maximum size (in bytes) that tmpfs filesystems can use.
+#
+# The size will be rounded down to a multiple of the page size, 4096 bytes.
+TMPFS_SIZE=
+
# SHM_SIZE sets the maximum size (in bytes) that the /dev/shm tmpfs can use.
# If this is not set then the size defaults to the value of TMPFS_SIZE
# if that is set; otherwise to the kernel's default.
-#
-# The size will be rounded down to a multiple of the page size, 4096 bytes.
SHM_SIZE=
+
+# RUN_SIZE sets the maximum size (in bytes) that the /run tmpfs can use.
+# If this is not set then the size defaults to the value of TMPFS_SIZE
+# if that is set; otherwise to the kernel's default.
+RUN_SIZE=
+
+# LOCK_SIZE sets the maximum size (in bytes) that the /run/lock tmpfs can use.
+# If this is not set then the size defaults to the value of TMPFS_SIZE
+# if that is set; otherwise to the kernel's default.
+LOCK_SIZE=
Index: debian/src/initscripts/etc/init.d/sendsigs
===================================================================
--- debian/src/initscripts/etc/init.d/sendsigs (revision 1953)
+++ debian/src/initscripts/etc/init.d/sendsigs (working copy)
@@ -27,9 +27,10 @@
do_stop () {
OMITPIDS=
- # The /var/run/sendsigs.omit file is used to be compatible
- # with Ubuntu.
- for omitfile in /var/run/sendsigs.omit /lib/init/rw/sendsigs.omit; do
+ # Note: /run transition: Now using /run in place of /var/run;
+ # /lib/init/rw will be removed following transition of
+ # /lib/init/rw users to /run.
+ for omitfile in /run/sendsigs.omit /lib/init/rw/sendsigs.omit; do
if [ -e $omitfile ]; then
for pid in $(cat $omitfile); do
OMITPIDS="${OMITPIDS:+$OMITPIDS }-o $pid"
@@ -40,14 +41,20 @@
# Load sendsigs.omit.d/packagename files too, to make it
# possible for scripts that need to modify the list of pids at
# run time without race conditions.
- if [ -d /lib/init/rw/sendsigs.omit.d/ ]; then
- for pidfile in /lib/init/rw/sendsigs.omit.d/*; do
- [ -f "$pidfile" ] || continue
- for pid in $(cat $pidfile); do
- OMITPIDS="${OMITPIDS:+$OMITPIDS }-o $pid"
+ # Note: /run transition: both /run and /lib/init/rw are used
+ # at present during the transition to /run; /lib/init/rw will
+ # be removed following transition of /lib/init/rw users to
+ # /run.
+ for omitdir in /run/sendsigs.omit.d /lib/init/rw/sendsigs.omit.d; do
+ if [ -d "${omitdir}" ]; then
+ for pidfile in "${omitdir}/"*; do
+ [ -f "$pidfile" ] || continue
+ for pid in $(cat $pidfile); do
+ OMITPIDS="${OMITPIDS:+$OMITPIDS }-o $pid"
+ done
done
- done
- fi
+ fi
+ done
# Upstart jobs have their own "stop on" clauses that sends
# SIGTERM/SIGKILL just like this, so if they're still running,
Index: debian/src/initscripts/etc/init.d/umountfs
===================================================================
--- debian/src/initscripts/etc/init.d/umountfs (revision 1953)
+++ debian/src/initscripts/etc/init.d/umountfs (working copy)
@@ -27,16 +27,16 @@
do
echo "$PROTECTED_MOUNTS" | grep -qs "^$DEV $MTPT " && continue
case "$MTPT" in
- /|/proc|/dev|/.dev|/dev/pts|/dev/shm|/dev/.static/dev|/proc/*|/sys|/sys/*|/lib/init/rw)
+ /|/proc|/dev|/.dev|/dev/pts|/dev/shm|/dev/.static/dev|/proc/*|/sys|/sys/*|/run|/lib/init/rw)
continue
;;
/var/run)
- if [ yes = "$RAMRUN" ] ; then
+ if [ -f /var/run/.ramfs ] ; then
continue
fi
;;
/var/lock)
- if [ yes = "$RAMLOCK" ] ; then
+ if [ -f /var/run/.ramfs ] ; then
continue
fi
;;
Index: debian/src/initscripts/etc/init.d/mountkernfs.sh
===================================================================
--- debian/src/initscripts/etc/init.d/mountkernfs.sh (revision 1953)
+++ debian/src/initscripts/etc/init.d/mountkernfs.sh (working copy)
@@ -26,11 +26,36 @@
#
RW_OPT=
[ "${RW_SIZE:=$TMPFS_SIZE}" ] && RW_OPT=",size=$RW_SIZE"
- domount tmpfs "" /lib/init/rw tmpfs -omode=0755,nosuid$RW_OPT
+ domount tmpfs shmfs /lib/init/rw tmpfs -omode=0755,nosuid$RW_OPT
touch /lib/init/rw/.ramfs
+ RUN_OPT=
+ [ "${RUN_SIZE:=$TMPFS_SIZE}" ] && RUN_OPT=",size=$RUN_SIZE"
+ domount tmpfs shmfs /run tmpfs -omode=0755,nosuid$RUN_OPT
+ touch /run/.ramfs
+
+ # Make lock directory as the replacement for /var/lock
+ mkdir /run/lock
+
+ # Mount /var/lock as tmpfs if enabled. This prevents user DoS
+ # of /run by filling /run/lock at the expense of using an
+ # additional tmpfs.
+ if [ yes = "$RAMLOCK" ] ; then
+ LOCK_OPT=
+ [ "${LOCK_SIZE:=$TMPFS_SIZE}" ] && LOCK_OPT=",size=$LOCK_SIZE"
+ domount tmpfs shmfs /run/lock tmpfs -omode=1777,nodev,noexec,nosuid$LOCK_OPT
+ fi
+
+ touch /run/lock/.ramfs
+ chmod 01777 /run/lock
+
# Make pidfile omit directory for sendsigs
+
+ # Note: /run transition: Move from /lib/init/rw to /run.
+ # /lib/init/rw will be removed following transition of
+ # /lib/init/rw users to /run.
mkdir /lib/init/rw/sendsigs.omit.d/
+ mkdir /run/sendsigs.omit.d/
#
# Mount proc filesystem on /proc
@@ -45,20 +70,6 @@
then
domount sysfs "" /sys sysfs -onodev,noexec,nosuid
fi
-
- # Mount /var/run and /var/lock as tmpfs if enabled
- if [ yes = "$RAMRUN" ] ; then
- RUN_OPT=
- [ "${RUN_SIZE:=$TMPFS_SIZE}" ] && RUN_OPT=",size=$RUN_SIZE"
- domount tmpfs "" /var/run varrun -omode=0755,nosuid$RUN_OPT
- touch /var/run/.ramfs
- fi
- if [ yes = "$RAMLOCK" ] ; then
- LOCK_OPT=
- [ "${LOCK_SIZE:=$TMPFS_SIZE}" ] && LOCK_OPT=",size=$LOCK_SIZE"
- domount tmpfs "" /var/lock varlock -omode=1777,nodev,noexec,nosuid$LOCK_OPT
- touch /var/lock/.ramfs
- fi
}
case "$1" in
Index: debian/src/initscripts/etc/init.d/checkroot.sh
===================================================================
--- debian/src/initscripts/etc/init.d/checkroot.sh (revision 1953)
+++ debian/src/initscripts/etc/init.d/checkroot.sh (working copy)
@@ -137,7 +137,7 @@
#
# Does the root device in /etc/fstab match with the actual device ?
# If not we try to use the /dev/root alias device, and if that
- # fails we create a temporary node in /lib/init/rw.
+ # fails we create a temporary node in /run.
#
if [ "$rootcheck" = yes ]
then
@@ -150,11 +150,11 @@
rootdev=/dev/root
else
if \
- rm -f /lib/init/rw/rootdev \
- && mknod -m 600 /lib/init/rw/rootdev b ${rdev%:*} ${rdev#*:} \
- && [ -e /lib/init/rw/rootdev ]
+ rm -f /run/rootdev \
+ && mknod -m 600 /run/rootdev b ${rdev%:*} ${rdev#*:} \
+ && [ -e /run/rootdev ]
then
- rootdev=/lib/init/rw/rootdev
+ rootdev=/run/rootdev
else
rootfatal=yes
fi
@@ -169,7 +169,7 @@
then
log_failure_msg "The device node $rootdev for the root filesystem is missing or incorrect
or there is no entry for the root filesystem listed in /etc/fstab.
-The system is also unable to create a temporary node in /lib/init/rw.
+The system is also unable to create a temporary node in /run.
This means you have to fix the problem manually."
log_warning_msg "A maintenance shell will now be started.
CONTROL-D will terminate this shell and restart the system."
@@ -268,7 +268,7 @@
then
log_action_begin_msg "Checking root file system"
if [ "$roottype" = "ext2" -o "$roottype" = "ext3" -o "$roottype" = "ext4" ] && usplash_running; then
- PROGRESS_FILE=`mktemp -p /lib/init/rw` || PROGRESS_FILE=/lib/init/rw/checkroot_fsck
+ PROGRESS_FILE=`mktemp -p /run` || PROGRESS_FILE=/run/checkroot_fsck
set -m
logsave -s $FSCK_LOGFILE fsck -C3 $force $fix -t $roottype $rootdev >/dev/console 2>&1 3>$PROGRESS_FILE &
set +m
@@ -385,9 +385,9 @@
fi
#
- # Remove /lib/init/rw/rootdev if we created it.
+ # Remove /run/rootdev if we created it.
#
- rm -f /lib/init/rw/rootdev
+ rm -f /run/rootdev
}
do_status () {
Index: debian/src/initscripts/etc/init.d/mtab.sh
===================================================================
--- debian/src/initscripts/etc/init.d/mtab.sh (revision 1953)
+++ debian/src/initscripts/etc/init.d/mtab.sh (working copy)
@@ -31,35 +31,102 @@
. /lib/lsb/init-functions
. /lib/init/mount-functions.sh
-# $1 - fstype
-# $2 - mount point
-# $3 - mount name/device
-# $4 - mount options
+# Note any changes here must also be made in domount in mount-functions.
+# $1: file system type
+# $2: alternative file system type (or empty string if none)
+# $3: mount point
+# $4: mount device name
+# $5... : extra mount program options
domtab ()
{
- # Directory present?
- if [ ! -d $2 ]
+ MTPT="$3"
+ KERNEL="$(uname -s)"
+ # Figure out filesystem type
+ FSTYPE=
+ OPTS=
+ if [ "$1" = proc ]
then
+ case "$KERNEL" in
+ Linux|GNU) FSTYPE=proc;;
+ *FreeBSD) FSTYPE=linprocfs ;;
+ *) FSTYPE=procfs ;;
+ esac
+ elif [ "$1" = bind ]
+ then
+ case "$KERNEL" in
+ Linux|GNU) FSTYPE=$4; OPTS="-obind" ;;
+ *FreeBSD) FSTYPE=nullfs ;;
+ *) FSTYPE=none ;;
+ esac
+ elif [ "$1" = tmpfs ]
+ then # always accept tmpfs, to mount /run before /proc
+ FSTYPE=$1
+ elif grep -E -qs "$1\$" /proc/filesystems
+ then
+ FSTYPE=$1
+ elif grep -E -qs "$2\$" /proc/filesystems
+ then
+ FSTYPE=$2
+ fi
+
+ if [ ! "$FSTYPE" ]
+ then
+ if [ "$2" ]
+ then
+ log_warning_msg "Filesystem types '$1' and '$2' are not supported. Skipping mount."
+ else
+ log_warning_msg "Filesystem type '$1' is not supported. Skipping mount."
+ fi
return
fi
- # Not mounted?
- if ! mountpoint -q $2 < /dev/null
+ # We give file system type as device name if not specified as
+ # an argument
+ if [ "$4" ] ; then
+ DEVNAME=$4
+ else
+ DEVNAME=$FSTYPE
+ fi
+
+ # Get the options from /etc/fstab.
+ if [ -f /etc/fstab ]
then
+ exec 9<&0 </etc/fstab
+
+ while read TAB_DEV TAB_MTPT TAB_FSTYPE TAB_OPTS TAB_REST
+ do
+ case "$TAB_DEV" in ""|\#*) continue ;; esac
+ [ "$MTPT" = "$TAB_MTPT" ] || continue
+ [ "$FSTYPE" = "$TAB_FSTYPE" ] || continue
+ case "$TAB_OPTS" in
+ noauto|*,noauto|noauto,*|*,noauto,*)
+ exec 0<&9 9<&-
+ return
+ ;;
+ ?*)
+ OPTS="$OPTS -o$TAB_OPTS"
+ ;;
+ esac
+ break
+ done
+
+ exec 0<&9 9<&-
+ fi
+
+ if [ ! -d "$MTPT" ]
+ then
return
fi
- if [ -n "$3" ]
+ if ! mountpoint -q "$MTPT"
then
- NAME="$3"
- else
- NAME="$1"
+ return # Not mounted
fi
# Already recorded?
- if ! grep -E -sq "^([^ ]+) +$2 +" /etc/mtab < /dev/null
+ if ! grep -E -sq "^([^ ]+) +$MTPT +" /etc/mtab < /dev/null
then
- mount -f -t $1 $OPTS $4 $NAME $2 < /dev/null
+ mount -f -t $FSTYPE $5 $OPTS $DEVNAME $MTPT < /dev/null
fi
}
@@ -108,40 +175,42 @@
# S02mountkernfs.sh
RW_OPT=
[ "${RW_SIZE:=$TMPFS_SIZE}" ] && RW_OPT=",size=$RW_SIZE"
- domtab tmpfs /lib/init/rw tmpfs -omode=0755,nosuid$RW_OPT
+ domtab tmpfs shmfs /lib/init/rw tmpfs -omode=0755,nosuid$RW_OPT
- domtab proc /proc "proc" -onodev,noexec,nosuid
- if grep -E -qs "sysfs\$" /proc/filesystems
- then
- domtab sysfs /sys sysfs -onodev,noexec,nosuid
- fi
- if [ yes = "$RAMRUN" ] ; then
- RUN_OPT=
- [ "${RUN_SIZE:=$TMPFS_SIZE}" ] && RUN_OPT=",size=$RUN_SIZE"
- domtab tmpfs /var/run "varrun" -omode=0755,nosuid$RUN_OPT
- fi
+ RUN_OPT=
+ [ "${RUN_SIZE:=$TMPFS_SIZE}" ] && RUN_OPT=",size=$RUN_SIZE"
+ domtab tmpfs shmfs /run tmpfs -omode=0755,nosuid$RUN_OPT
+
if [ yes = "$RAMLOCK" ] ; then
LOCK_OPT=
[ "${LOCK_SIZE:=$TMPFS_SIZE}" ] && LOCK_OPT=",size=$LOCK_SIZE"
- domtab tmpfs /var/lock "varlock" -omode=1777,nodev,noexec,nosuid$LOCK_OPT
+ domtab tmpfs shmfs /run/lock tmpfs -omode=1777,nodev,noexec,nosuid$LOCK_OPT
fi
+
+ domtab proc "" /proc proc -onodev,noexec,nosuid
+
+ if grep -E -qs "sysfs\$" /proc/filesystems
+ then
+ domtab sysfs "" /sys sysfs -onodev,noexec,nosuid
+ fi
+
if [ -d /proc/bus/usb ]
then
- domtab usbfs /proc/bus/usb "procbususb"
+ domtab usbfs "" /proc/bus/usb "procbususb"
fi
# S03udev
- domtab tmpfs /dev "udev" -omode=0755
+ domtab tmpfs "" /dev "udev" -omode=0755
# S04mountdevsubfs
SHM_OPT=
[ "${SHM_SIZE:=$TMPFS_SIZE}" ] && SHM_OPT=",size=$SHM_SIZE"
- domtab tmpfs /dev/shm tmpfs -onosuid,nodev$SHM_OPT
- domtab devpts /dev/pts "devpts" -onoexec,nosuid,gid=$TTYGRP,mode=$TTYMODE
+ domtab tmpfs "" /dev/shm tmpfs -onosuid,nodev$SHM_OPT
+ domtab devpts "" /dev/pts "devpts" -onoexec,nosuid,gid=$TTYGRP,mode=$TTYMODE
# Add everything else in /proc/mounts into /etc/mtab, with
# special exceptions.
- exec 9<&0 0</proc/mounts
+ exec 8<&0 0</proc/mounts
while read FDEV FDIR FTYPE FOPTS REST
do
case "$FDIR" in
@@ -155,9 +224,9 @@
continue
;;
esac
- domtab "$FTYPE" "$FDIR" "$FDEV" "-o$FOPTS"
+ domtab "$FTYPE" "" "$FDIR" "$FDEV" "-o$FOPTS"
done
- exec 0<&9 9<&-
+ exec 0<&8 8<&-
}
case "$1" in
Index: debian/src/initscripts/etc/init.d/umountnfs.sh
===================================================================
--- debian/src/initscripts/etc/init.d/umountnfs.sh (revision 1953)
+++ debian/src/initscripts/etc/init.d/umountnfs.sh (working copy)
@@ -48,16 +48,16 @@
while read -r DEV MTPT FSTYPE OPTS REST
do
case "$MTPT" in
- /|/proc|/dev|/dev/pts|/dev/shm|/proc/*|/sys|/lib/init/rw)
+ /|/proc|/dev|/dev/pts|/dev/shm|/proc/*|/sys|/run|/lib/init/rw)
continue
;;
/var/run)
- if [ yes = "$RAMRUN" ] ; then
+ if [ -f /var/run/.ramfs ] ; then
continue
fi
;;
/var/lock)
- if [ yes = "$RAMLOCK" ] ; then
+ if [ -f /var/lock/.ramfs ] ; then
continue
fi
;;
Index: debian/src/initscripts/man/rcS.5
===================================================================
--- debian/src/initscripts/man/rcS.5 (revision 1953)
+++ debian/src/initscripts/man/rcS.5 (working copy)
@@ -97,19 +97,15 @@
This will tell fsck always to repair the file systems
without asking for permission.
-.IP \fBRAMRUN\fP
-Make /var/run/ available as a ram file system (tmpfs). Will also disable
-cleaning of /var/run/ during boot. Set to 'yes' to enable, to 'no' to disable.
-The size of the tmpfs can be controlled using TMPFS_SIZE and RUN_SIZE in
-/etc/default/tmpfs. Because of this, packages can not expect directories in /var/run
-to exist after boot. Packages expecting this are buggy and need to be fixed.
-
.IP \fBRAMLOCK\fP
-Make /var/lock/ available as a ram file system (tmpfs). Will also disable
-cleaning of /var/lock/ during boot. Set to 'yes' to enable, to 'no' to disable.
-The size of the tmpfs can be controlled using TMPFS_SIZE and LOCK_SIZE in
-/etc/default/tmpfs. Because of this, packages can not expect directories in /var/lock
-to exist after boot. Packages expecting this are buggy and need to be fixed.
+Make /run/lock/ available as a ram file system (tmpfs). Set to 'yes'
+to enable, to 'no' to disable. The size of the tmpfs can be
+controlled using TMPFS_SIZE and LOCK_SIZE in /etc/default/tmpfs.
+Because of this, packages can not expect directories in /var/lock to
+exist after boot. Packages expecting this are buggy and need to be
+fixed. Note that /run/lock was previously /var/lock, and a
+compatibility symlink or bind mount will be created to allow the old
+path to continue to function.
.IP \fBASYNCMOUNTNFS\fP
Set this to 'no' to disable asynchronous mounting of network drives
Index: debian/src/initscripts/Makefile
===================================================================
--- debian/src/initscripts/Makefile (revision 1953)
+++ debian/src/initscripts/Makefile (working copy)
@@ -10,6 +10,10 @@
all:
install:
+ # TODO: Replace /lib/init/rw directory with symbolic link to
+ # /run. This requires the directory to be empty and unused,
+ # so needs doing post-wheezy. If the migration to /run is
+ # complete, could be removed entirely.
$(INSTALL) -d $(DESTDIR)/lib/init/rw/.
$(INSTALL) -d $(DESTDIR)/var/lib/initscripts/.
$(INSTALL) -d $(DESTDIR)/var/lib/urandom/.
Index: debian/initscripts.postinst
===================================================================
--- debian/initscripts.postinst (revision 1953)
+++ debian/initscripts.postinst (working copy)
@@ -17,12 +17,37 @@
umask 022
chrooted() {
- if [ -r /proc/1/root ]; then
+ if [ "$(stat -c %d/%i /)" = "$(stat -Lc %d/%i /proc/1/root 2>/dev/null)" ];
+ then
+ # the devicenumber/inode pair of / is the same as that of /sbin/init's
+ # root, so we're *not* in a chroot and hence return false.
return 1
fi
return 0
}
+bind_mount ()
+{
+ SRC=$1
+ DEST=$2
+
+ FSTYPE=""
+ OPTS=""
+
+ case "$(uname -s)" in
+ Linux|GNU) FSTYPE=$SRC; OPTS="-obind" ;;
+ *FreeBSD) FSTYPE=nullfs ;;
+ *) FSTYPE=none ;;
+ esac
+
+ # Bind mount $SRC on $DEST
+ if mount -t $FSTYPE "$SRC" "$DEST" -orw $OPTS ; then
+ return 0
+ fi
+
+ return 1
+}
+
#
# Initialize rcS default file.
#
@@ -118,38 +143,88 @@
done
#
-# Create /var/run and /var/lock on the root partition to make sure
-# they are available when RAMRUN or RAMLOCK is enabled.
-# If mount fail (like in a vserver environment), just clean up and ignore
-# it. The admins enabling RAMRUN and RAMLOCK will have to create the
-# directories themselves in this case.
+# Setup /run if not already in use. Note that the intent here is to
+# make the existing /var/run and /var/lock available as /run,
+# /run/lock, respectively. When the system is next restarted, a
+# proper /run tmpfs will be set up. The bind mounts set up here are
+# intended to recreate the directory heirarchy using the existing
+# locations in order that packages may transition to using /run
+# without a system restart.
#
-if dpkg --compare-versions "$PREV_VER" lt "2.86.ds1-22" && ! chrooted
-then
- # We need to quickly bind / to another location so we can make them
- # just in case /var is a mountpoint or a symlink to one.
- mkdir -p /.root
- if mount -n --bind / /.root ; then
- if [ -L /.root/var ] && [ ! -d /.root/var ] ; then
- # No use trying if /var is a relative symlink. It is not
- # going to work.
- :
- else
- mkdir -p /.root/var/run /.root/var/lock
+
+# If /run does not exist yet, skip.
+if [ -d /run ]; then
+ # If in a chroot, do not do any messing around with mounts,
+ # but do migration of /var/run and /var/lock. Bind mounting
+ # would not work in a chroot, because the migration would only
+ # be temporary--the rcS scripts are not guaranteed to run, so
+ # we must do the migration by hand.
+ if chrooted; then
+ if [ ! -L /var/run ] && [ -d /var/run ]; then
+ echo "chroot detected: Migrating /var/run to /run"
+ ( mv /var/run / &&
+ ln -fs /run /var/run ) ||
+ ( echo "Can't move /var/run to /run and replace with symlink; please fix manually."; exit 1 )
fi
- umount /.root
+ [ -d /run/lock ] || mkdir /run/lock
+ chmod 1777 /run/lock
+ if [ ! -L /var/lock ] && [ -d /var/lock ]; then
+ echo "chroot detected: Migrating /var/lock to /run/lock"
+ ( rm -fr /run/lock &&
+ mv /var/lock /run &&
+ ln -fs /run/lock /var/lock ) ||
+ ( echo "Can't move /run/lock to /var/lock and replace with symlink; please fix manually."; exit 1 )
+ fi
+ # Not a chroot. If /run/.run-transition does not exist then
+ # skip. /run/.run-transition should not exist either before
+ # or after the transition. This file is used to ensure we
+ # don't perform the initial migration more than once if
+ # initscripts is upgraded again before a system restart (and
+ # hence transision completion).
+ elif [ ! -f /run/.run-transition ]; then
+ # Device and inode of directories:
+ svarrun=$(/usr/bin/stat --format="%d %i" /var/run)
+ svarlock=$(/usr/bin/stat --format="%d %i" /var/lock)
+ # May not exist yet
+ srun=$(/usr/bin/stat --format="%d %i" /run 2>/dev/null || :)
+ srunlock=$(/usr/bin/stat --format="%d %i" /run/lock 2>/dev/null || :)
+
+ # If /run/.ramfs exists, then a ramfs already exists,
+ # and we assume it's all set up correctly. If the
+ # device/inode are the same, it's not set up entirely
+ # correctly, but a bind mount already exists for some
+ # reason, so again assume set up is not required.
+ if [ ! -f /run/.ramfs ] && [ "$svarrun" != "$srun" ]; then
+ # Bind mount /var/run on /run
+ if bind_mount /var/run /run; then
+ # Bind mount /var/lock on /run/lock
+ [ -d /run/lock ] || mkdir /run/lock
+ if [ "$svarlock" != "$srunlock" ]; then
+ bind_mount /var/lock /run/lock
+ fi
+ fi
+ fi
+
+ # Create a /run/.run-transition stamp file. This is
+ # to ensure we don't repeat the above setup if the
+ # package is upgraded again prior to a system reboot.
+ # On reboot, it will be deleted by the init scripts
+ # and the transition will be completed. This means
+ # the transition will complete at the sysadmin's
+ # convenience, since the system will function
+ # identically before and after a reboot.
+ echo "Please reboot to complete migration to tmpfs-based /run" > /run/.run-transition
fi
- rmdir /.root
fi
#
-# When installing for the first time or upgrading from version before
-# 2.86.ds1-27, a reboot is needed to make the /lib/init/rw/ tmpfs
-# available. Flag this using notify-reboot-required. Not mounting it
-# here as it creates problem for debootstrap, vservers, pbuilder and
-# cowbuilder.
+# When installing for the first time or upgrading from a version
+# before or equal to 2.88dsf-14, a reboot is needed to make the /run
+# tmpfs available. Flag this using notify-reboot-required. /run is
+# available in some form before the reboot, so the need for a reboot
+# isn't particularly urgent.
#
-if dpkg --compare-versions "$PREV_VER" lt "2.86.ds1-27" \
+if dpkg --compare-versions "$PREV_VER" le "2.88dsf-14" \
&& [ -x /usr/share/update-notifier/notify-reboot-required ]; then
/usr/share/update-notifier/notify-reboot-required
fi
Index: debian/changelog
===================================================================
--- debian/changelog (revision 1953)
+++ debian/changelog (working copy)
@@ -1,3 +1,88 @@
+sysvinit (2.88dsf-13.1run0) UNRELEASED; urgency=low
+
+ * Support for new top-level directory /run to replace /var/run,
+ /var/lock and /lib/init/rw as a place to store transient
+ writable data which should not be preserved across a system
+ reboot. Summary:
+ /var/run → /run
+ /var/lock → /run/lock
+ /lib/init/rw → /run (not transitioned automatically)
+ /dev/.* → /run (not transitioned automatically)
+ These changes do not take effect until the system is rebooted as
+ is currently done for /lib/init/rw setup. Following a reboot, the
+ old paths will continue to be available via bind mounts, which will
+ permit programs using the old paths to transition to use the new paths
+ for wheezy.
+ - debian/control:
+ Depend on base-files >= 6.2 in order to guarantee the existence of
+ /run.
+ - debian/initscripts.postinst:
+ Take chroot detection logic from udev postinst (existing logic was
+ broken).
+ Trigger reboot to complete transition.
+ If the system has not yet transitioned to a tmpfs-based /run, set up
+ bind mounts as follows:
+ /var/run → /run
+ /var/lock → /run/lock
+ On reboot, the system will complete the migration to a tmpfs-based
+ /run; this creates the directory heierachy from the old paths to
+ enable the use of the new /run paths prior to a restart. This means
+ packages may transition to using /run with a versioned dependency
+ upon initscripts.
+ Remove special handling for RAMRUN and RAMLOCK, which is now taken
+ care of by /run.
+ If in a chroot environment, directly move the directories to the new
+ locations rather than bind mount; since chroots don't run rcS
+ scripts, the changes would otherwise be lost.
+ - debian/src/initscripts/doc/README.Debian:
+ Document new use of RUN_SIZE and LOCK_SIZE.
+ Document use of /run rather than /lib/init/rw.
+ - debian/src/initscripts/etc/init.d/checkroot.sh:
+ Use /run in place of /lib/init/rw.
+ - debian/src/initscripts/etc/init.d/mountkernfs.sh:
+ Create /run, /run/sendsigs.omit.d and /run/lock.
+ Mount /run/lock as a separate tmpfs if RAMLOCK=yes.
+ /run/lock has 01777 permissions to match /var/lock.
+ Drop mounting of /var/run and /var/lock.
+ - debian/src/initscripts/etc/init.d/mtab.sh:
+ domtab mirrors behaviour of domount in mount-functions exactly, to
+ prevent duplicate mounts (required for bind mount support).
+ Bind mount /run/init and drop mounting of /var/run. Mount /run/lock
+ in place of /var/lock.
+ - debian/src/initscripts/etc/init.d/sendsigs:
+ Use new paths:
+ files: /run/sendsigs.omit /lib/init/rw/sendsigs.omit
+ dirs: /run/sendsigs.omit.d/ /lib/init/rw/sendsigs.omit.d/
+ - debian/src/initscripts/etc/init.d/umountfs:
+ Ignore /run. Continue to ignore /lib/init/rw in order to handle
+ clean shutdown. Also continue to ignore /var/run and /var/lock
+ Check for presence of .ramfs than configuration variable when
+ skipping /var/run and /var/lock.
+ - debian/src/initscripts/etc/init.d/umountnfs.sh:
+ Check for presence of .ramfs than configuration variable when
+ skipping /var/run and /var/lock.
+ Ignore /run. Continue to ignore /lib/init/rw in order to handle
+ clean shutdown. Also continue to ignore /var/run and /var/lock
+ if mounted as tmpfs in order to cleanly shutdown.
+ - debian/src/initscripts/lib/init/bootclean.sh
+ Check for presence of .ramfs than configuration variable when
+ cleaning /var/run and /var/lock.
+ - debian/src/initscripts/lib/init/mount-functions.sh:
+ Drop support for mounting /var/run and /var/lock as separate
+ tmpfs filesystems. Symlink /var/run to /run and /var/lock to
+ /run/lock if possible. If /var/run and /var/lock are directories,
+ attempt to remove and symlink if successful, or else bind mount.
+ - debian/src/initscripts/man/rcS.5:
+ Drop documentation of RAMRUN. Update documentation for RAMLOCK.
+
+ -- Roger Leigh <rle...@debian.org> Wed, 30 Mar 2011 21:17:49 +0100
+
+ sysvinit (2.88dsf-13.1) unstable; urgency=low
+
+ * Non-maintainer upload.
+
+ -- Roger Leigh <rle...@debian.org> Fri, 01 Apr 2011 00:26:11 +0100
+
sysvinit (2.88dsf-14) UNRELEASED; urgency=low
[ Petter Reinholdtsen ]
signature.asc
Description: Digital signature
