[PATCH] [RFC] switch_root: Add a sanity check

[PATCH] [RFC] switch_root: Add a sanity check

[Richard Weinberger]

As switch_root basically does rm -Rf / we should make sure
that / is really an initramfs.

Signed-off-by: Richard Weinberger <richard@nod.at>
---
 sys-utils/switch_root.c |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/sys-utils/switch_root.c b/sys-utils/switch_root.c
index f0ef677..f26f7da 100644
--- a/sys-utils/switch_root.c
+++ b/sys-utils/switch_root.c
@@ -174,7 +174,13 @@ static int switchroot(const char *newroot)
 	if (cfd >= 0) {
 		pid = fork();
 		if (pid <= 0) {
-			recursiveRemove(cfd);
+			if (fstat(cfd, &sb) == 0) {
+				if (sb.st_dev == makedev(0, 1))
+					recursiveRemove(cfd);
+				else
+					warn(_("old root filesystem is not an initramfs"));
+			}
+
 			if (pid == 0)
 				exit(EXIT_SUCCESS);
 		}
-- 
1.7.7.3

Re: [PATCH] [RFC] switch_root: Add a sanity check

[Karel Zak]

On Sat, Feb 09, 2013 at 07:22:50PM +0100, Richard Weinberger wrote:
> As switch_root basically does rm -Rf / we should make sure
> that / is really an initramfs.

Oh, nice (we should not ask for details, right? :-) Applied, thanks.

    Karel

-- 
 Karel Zak  <kzak@redhat.com>
 http://karelzak.blogspot.com

Re: [PATCH] [RFC] switch_root: Add a sanity check

[Dave Reisner]

On Wed, Feb 13, 2013 at 03:25:36PM +0100, Karel Zak wrote:
> On Sat, Feb 09, 2013 at 07:22:50PM +0100, Richard Weinberger wrote:
> > As switch_root basically does rm -Rf / we should make sure
> > that / is really an initramfs.
> 
> Oh, nice (we should not ask for details, right? :-) Applied, thanks.
> 
>     Karel
> 

Wouldn't it be better to check that / is tmpfs or ramfs instead of
insistence on being a very specific device?

Re: [PATCH] [RFC] switch_root: Add a sanity check

[Richard Weinberger]

Am Wed, 13 Feb 2013 09:52:46 -0500
schrieb Dave Reisner <d@falconindy.com>:

> On Wed, Feb 13, 2013 at 03:25:36PM +0100, Karel Zak wrote:
> > On Sat, Feb 09, 2013 at 07:22:50PM +0100, Richard Weinberger wrote:
> > > As switch_root basically does rm -Rf / we should make sure
> > > that / is really an initramfs.
> > 
> > Oh, nice (we should not ask for details, right? :-) Applied, thanks.
> > 
> >     Karel
> > 
> 
> Wouldn't it be better to check that / is tmpfs or ramfs instead of
> insistence on being a very specific device?

Not really.

switch_root is designed for initramfs only, so the check against
tmpfs is useless.
We can identify an initramfs only because it is the very first mounted
filesystem. The kernel mounts it as rootfs very early, see
fs/namespace.c
So the device 0,1 allows us to identify initramfs nicely.

Checking against type ramfs does not make much sense. It would allow
false positives, If someone overmounted / with an ramfs (or
even tmpfs) then there is no need at all to use switch_root, just use
pivot_root.

Thanks,
//richard