/usr/share/initramfs-tools/scripts/nfs-bottom/fsprotect is in fsprotect 1.0.7.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 | #!/bin/sh
#
# fsprotect
#
# Change to yes for debug messages
DEBUG=no
PREREQ=""
prereqs()
{
echo "$PREREQ"
}
case $1 in
# get pre-requisites
prereqs)
prereqs
exit 0
;;
esac
. scripts/functions
#set -x
#
# Echo a command and then run it
#
run_echo()
{
if [ "$DEBUG" = "yes" ] ; then
_log_msg "$* \n"
fi
if ! $* ; then
panic "Failed!"
exit 1
fi
}
# Check if we want fsprotect
want_fsprotect()
{
[ -e /proc/cmdline ] || return 1
# grep "\<single\>" /proc/cmdline > /dev/null 2>&1 && return 1
grep "\<nofsprotect\>" /proc/cmdline > /dev/null 2>&1 && return 2
grep "\<fsprotect\>" /proc/cmdline > /dev/null 2>&1 && return 0
return 1
}
# Check if aufs is supported
has_aufs()
{
[ -e /proc/filesystems ] || return 1
grep "\<aufs\>" /proc/filesystems > /dev/null 2>&1 && return 0
return 1
}
want_fsprotect
T=$?
if ! [ "$T" = 0 ] ; then
if [ "$T" = 2 ] ; then
log_warning_msg "fsprotect: We don't want fsprotect"
fi
exit 0
fi
if ! [ -x /bin/is_aufs ] ; then
log_failure_msg "is_aufs not found !"
exit 1
fi
if is_aufs / ; then
log_warning_msg "fsprotect: Already started"
exit 0
fi
# Load the module
modprobe aufs > /dev/null 2>&1 || true
if ! has_aufs ; then
log_failure_msg "fsprotect: No aufs kernel support !"
exit 1
fi
# Determine tmpfs size or fallback to 512MB
SZ=512M
for x in `cat /proc/cmdline` ; do
case "$x" in
fsprotect=*)
# According to bug #564141 this is supported
# by dash (tested - works)
SZ="${x#fsprotect=}"
# Avoid bashism for initramfs
# SZ=`echo "$x" | sed -e 's/^fsprotect=//'`
# If size is "auto" then use half memory size
# which is tmpfs' default value
if [ "x$SZ" = "xauto" ] ; then
SZ='50%'
fi
;;
esac
done
BASE=/fsprotect
log_begin_msg "Setting up fsprotect (aufs):"
[ "$DEBUG" = "yes" ] && _log_msg "#######################################################"
[ -d $BASE ] || ( mkdir -m 700 $BASE || mkdir $BASE )
[ -d $BASE/system ] || mkdir $BASE/system
[ -d $BASE/tmp ] || mkdir $BASE/tmp
[ -d $BASE/aufs ] || mkdir $BASE/aufs
[ "$DEBUG" = "yes" ] && _log_msg "#######################################################"
# What we do:
# -----------
# Bind the root filesystem to /fsprotect/system
# Mount a tmpfs to /fsprotect/tmp
# Create an aufs of /fsprotect/system and /fsprotect/tmp
# Umount old root
# Bind our aufs to the ${rootmnt}
# Umount our aufs
# Move /fsprotect/system and /fsprotect/tmp inside the aufs
run_echo "mount -n -o bind ${rootmnt} $BASE/system" # Mount the root filesystem
run_echo "mount -n -t tmpfs -o mode=755,size=$SZ none $BASE/tmp" # Mount the tmpfs
run_echo "mount -n -t aufs -o dirs=$BASE/tmp=rw:$BASE/system=ro none $BASE/aufs" # Make the aufs
run_echo "umount ${rootmnt}" # Umount old root
run_echo "mount -n -o move $BASE/aufs ${rootmnt}" # Use the aufs as the new root
run_echo "mkdir ${rootmnt}$BASE" # Create the in-new-root directories
run_echo "mkdir ${rootmnt}$BASE/system"
run_echo "mkdir ${rootmnt}$BASE/tmp"
run_echo "mount -n -o move $BASE/system ${rootmnt}$BASE/system" # Move those dirs inside the new root
run_echo "mount -n -o move $BASE/tmp ${rootmnt}$BASE/tmp"
# This one will prevent FSCKs
touch ${rootmnt}/fastboot
# [ "$DEBUG" = "yes" ] && _log_msg "#######################################################"
# [ "$DEBUG" = "yes" ] && /sbin/aufsctl ${rootmnt} --list
# [ "$DEBUG" = "yes" ] && _log_msg "#######################################################"
log_end_msg "Done..."
[ "$DEBUG" = "yes" ] && sleep 3
exit 0
|