[PATCH 1/2] dracut: create ldconfig aux cache directory on the initrd

[PATCH 1/2] dracut: create ldconfig aux cache directory on the initrd

[Christian Heinz]

This will allow ldconfig to create its auxiliary cache file in order to
prevent `ldconfig -r' from failing completely when dracut is run as
non-root. Applies to glibc/ldconfig versions released before Nov 22,
2010.
---
 dracut |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/dracut b/dracut
index 303d817..5cdd313 100755
--- a/dracut
+++ b/dracut
@@ -350,6 +350,7 @@ unset item
 
 # make sure that library links are correct and up to date
 cp -ar /etc/ld.so.conf* "$initdir"/etc
+mkdir -p "$initdir/var/cache/ldconfig"
 ldconfig -r "$initdir" || [[ $UID != "0" ]] && \
     dinfo "ldconfig might need uid=0 (root) for chroot()"
 
-- 
1.7.3.3

[PATCH 2/2] dracut: don't print misleading dinfo after successful ldconfig run

[Christian Heinz]

---
 dracut |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dracut b/dracut
index 5cdd313..93ea308 100755
--- a/dracut
+++ b/dracut
@@ -351,8 +351,8 @@ unset item
 # make sure that library links are correct and up to date
 cp -ar /etc/ld.so.conf* "$initdir"/etc
 mkdir -p "$initdir/var/cache/ldconfig"
-ldconfig -r "$initdir" || [[ $UID != "0" ]] && \
-    dinfo "ldconfig might need uid=0 (root) for chroot()"
+ldconfig -r "$initdir" || { [[ $UID != "0" ]] && \
+    dinfo "ldconfig might need uid=0 (root) for chroot()"; }
 
 [[ $beverbose = yes ]] && (du -c "$initdir" | sort -n)
 
-- 
1.7.3.3

Re: [PATCH 1/2] dracut: create ldconfig aux cache directory on the initrd

[Amadeusz Żołnowski]

[-- Attachment #1: Type: text/plain, Size: 667 bytes --]

Hi,

Excerpts from Christian Heinz's message of Tue Dec 07 02:44:19 +0100 2010:
> This will allow ldconfig to create its auxiliary cache file in order to
> prevent `ldconfig -r' from failing completely when dracut is run as
> non-root. Applies to glibc/ldconfig versions released before Nov 22,
> 2010.

What is the benefit of "falling partially" over "falling completely".
I'm wondering if there shouldn't be check if dracut is run by non-root
and then exit immediately.  Normal user cannot read some files (e.g.
/bin/mount), so what's the point?


Cheers,
-- 
Amadeusz Żołnowski

PGP key fpr: C700 CEDE 0C18 212E 49DA  4653 F013 4531 E1DB FAB5

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

Re: [PATCH 1/2] dracut: create ldconfig aux cache directory on the initrd

[Amadeusz Żołnowski]

[-- Attachment #1: Type: text/plain, Size: 376 bytes --]

Excerpts from Amadeusz Żołnowski's message of Tue Dec 07 10:49:58 +0100 2010:
> What is the benefit of "falling partially" over "falling completely".

Should be:
What is the benefit of "falling partially" over "falling completely"?


(Detail, but looked too weird… :-))
-- 
Amadeusz Żołnowski

PGP key fpr: C700 CEDE 0C18 212E 49DA  4653 F013 4531 E1DB FAB5

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 490 bytes --]

Re: [PATCH 1/2] dracut: create ldconfig aux cache directory on the initrd

[Christian Heinz]

Hi,

> What is the benefit of "falling partially" over "falling completely".
> I'm wondering if there shouldn't be check if dracut is run by non-root
> and then exit immediately.  Normal user cannot read some files (e.g.
> /bin/mount), so what's the point?

Not having read permission for /bin/mount as normal user looks weird to
me. I use dracut on Arch Linux, though I also just tested on a Fedora VM
and everything builds/runs just fine without root permissions. Are there
any compelling reasons to restrict image generation to root only? Am
I missing something fundamental?

Regards,
Christian

Re: [PATCH 1/2] dracut: create ldconfig aux cache directory on the initrd

[Amadeusz Żołnowski]

[-- Attachment #1: Type: text/plain, Size: 923 bytes --]

Excerpts from Christian Heinz's message of Tue Dec 07 12:11:33 +0100 2010:
> > What is the benefit of "falling partially" over "falling completely".
> > I'm wondering if there shouldn't be check if dracut is run by non-root
> > and then exit immediately.  Normal user cannot read some files (e.g.
> > /bin/mount), so what's the point?
> 
> Not having read permission for /bin/mount as normal user looks weird to
> me. I use dracut on Arch Linux, though I also just tested on a Fedora VM
> and everything builds/runs just fine without root permissions. Are there
> any compelling reasons to restrict image generation to root only? Am
> I missing something fundamental?

If it builds just fine with your patch, that's cool.  Maybe it's a good
starting point to consider permissions policy in Gentoo. :-)


Cheers,
-- 
Amadeusz Żołnowski

PGP key fpr: C700 CEDE 0C18 212E 49DA  4653 F013 4531 E1DB FAB5

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 490 bytes --]