#!/bin/bash
#
# Set up readonly-root support.
#
. /etc/init.d/functions
# We need to initialize the $HOSTNAME variable by ourselves now:
# (It was previously done for RHEL-6 branch, but got lost in time.)
HOSTNAME="$(hostname)"
# Check SELinux status
SELINUX_STATE=
if [ -e "/sys/fs/selinux/enforce" ] && [ "$(cat /proc/self/attr/current | tr -d '\000' )" != "kernel" ]; then
if [ -r "/sys/fs/selinux/enforce" ] ; then
SELINUX_STATE=$(cat "/sys/fs/selinux/enforce")
else
# assume enforcing if you can't read it
SELINUX_STATE=1
fi
fi
selinux_fixup() {
if [ -n "$SELINUX_STATE" ] && [ -e "$1" ]; then
restorecon -R "$1"
fi
}
# Only read this once.
[ -z "${cmdline}" ] && cmdline=$(cat /proc/cmdline)
READONLY=
if [ -f /etc/sysconfig/readonly-root ]; then
. /etc/sysconfig/readonly-root
fi
if strstr "$cmdline" readonlyroot ; then
READONLY=yes
[ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable
[ -z "$STATE_MOUNT" ] && STATE_MOUNT=/var/lib/stateless/state
fi
if strstr "$cmdline" noreadonlyroot ; then
READONLY=no
fi
MOUNTS=()
if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
add_mount() {
mnt=${1%/}
MOUNTS=("${MOUNTS[@]}" "$mnt")
}
cp_empty() {
if [ -e "$1" ]; then
echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
add_mount $1
fi
}
cp_dirs() {
if [ -e "$1" ]; then
mkdir -p "$RW_MOUNT$1"
find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
add_mount $1
fi
}
cp_files() {
if [ -e "$1" ]; then
cp -a --parents "$1" "$RW_MOUNT"
add_mount $1
fi
}
# Common mount options for scratch space regardless of
# type of backing store
mountopts=
# Scan partitions for local scratch storage
rw_mount_dev=$(blkid -t LABEL="$RW_LABEL" -l -o device)
bindmountopts=
[ "$SLAVE_MOUNTS" = "yes" ] && bindmountopts="--make-slave"
# First try to mount scratch storage from /etc/fstab, then any
# partition with the proper label. If either succeeds, be sure
# to wipe the scratch storage clean. If both fail, then mount
# scratch storage via tmpfs.
if mount $mountopts "$RW_MOUNT" > /dev/null 2>&1 ; then
rm -rf "$RW_MOUNT" > /dev/null 2>&1
elif [ x$rw_mount_dev != x ] && mount $rw_mount_dev $mountopts "$RW_MOUNT" > /dev/null 2>&1; then
rm -rf "$RW_MOUNT" > /dev/null 2>&1
else
mount -n -t tmpfs $RW_OPTIONS $mountopts none "$RW_MOUNT"
fi
for file in /etc/rwtab /etc/rwtab.d/* /run/initramfs/rwtab ; do
is_ignored_file "$file" && continue
[ -f $file ] && while read type path ; do
case "$type" in
empty)
cp_empty $path
;;
files)
cp_files $path
;;
dirs)
cp_dirs $path
;;
*)
;;
esac
done < <(cat $file)
done
for m in "${MOUNTS[@]}"; do
prefix=0
for mount_point in "${MOUNTS[@]}"; do
[[ $m = $mount_point ]] && continue
if [[ $m =~ ^$mount_point/.* ]] ; then
prefix=1
break
fi
done
[[ $prefix -eq 1 ]] && continue
mount -n --bind $bindmountopts "$RW_MOUNT$m" "$m"
selinux_fixup "$m"
done
# Use any state passed by initramfs
[ -d /run/initramfs/state ] && cp -a /run/initramfs/state/* $RW_MOUNT
# In theory there should be no more than one network interface active
# this early in the boot process -- the one we're booting from.
# Use the network address to set the hostname of the client. This
# must be done even if we have local storage.
ipaddr=
if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then
ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }')
for ip in $ipaddr ; do
HOSTNAME=
eval $(ipcalc -h $ipaddr 2>/dev/null)
[ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; }
done
fi
# Clients with read-only root filesystems may be provided with a
# place where they can place minimal amounts of persistent
# state. SSH keys or puppet certificates for example.
#
# Ideally we'll use puppet to manage the state directory and to
# create the bind mounts. However, until that's all ready this
# is sufficient to build a working system.
# First try to mount persistent data from /etc/fstab, then any
# partition with the proper label, then fallback to NFS
state_mount_dev=$(blkid -t LABEL="$STATE_LABEL" -l -o device)
if mount $mountopts $STATE_OPTIONS "$STATE_MOUNT" > /dev/null 2>&1 ; then
/bin/true
elif [ x$state_mount_dev != x ] && mount $state_mount_dev $mountopts "$STATE_MOUNT" > /dev/null 2>&1; then
/bin/true
elif [ ! -z "$CLIENTSTATE" ]; then
# No local storage was found. Make a final attempt to find
# state on an NFS server.
mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT -o rw,nolock
fi
if [ -w "$STATE_MOUNT" ]; then
mount_state() {
if [ -e "$1" ]; then
[ ! -e "$STATE_MOUNT$1" ] && cp -a --parents "$1" "$STATE_MOUNT"
mount -n --bind $bindmountopts "$STATE_MOUNT$1" "$1"
fi
}
for file in /etc/statetab /etc/statetab.d/* ; do
is_ignored_file "$file" && continue
[ ! -f "$file" ] && continue
if [ -f "$STATE_MOUNT/$file" ] ; then
mount -n --bind $bindmountopts "$STATE_MOUNT/$file" "$file"
fi
for path in $(grep -v "^#" "$file" 2>/dev/null); do
mount_state "$path"
selinux_fixup "$path"
done
done
if [ -f "$STATE_MOUNT/files" ] ; then
for path in $(grep -v "^#" "$STATE_MOUNT/files" 2>/dev/null); do
mount_state "$path"
selinux_fixup "$path"
done
fi
fi
if mount | grep -q /var/lib/nfs/rpc_pipefs ; then
mount -t rpc_pipefs sunrpc /var/lib/nfs/rpc_pipefs
fi
fi
All system for education purposes only. For more tools: Telegram @jackleet