linuxrc that should not create avc denied messages for a hardened system.

git-svn-id: svn+ssh://svn.gentoo.org/var/svnroot/genkernel/trunk@228 67a159dc-881f-0410-a524-ba9dfbe2cb84
20 years ago · 5842219f38
parent 719c29665e
commit 5842219f38
1 changed files with 23 additions and 5 deletions
--- a/generic/linuxrc
+++ b/generic/linuxrc
@ -298,7 +298,7 @@ do
 done
 # End determine root device

-verbose_kmsg
+#verbose_kmsg

 # If cdroot is set determine the looptype to boot
 if [ "${CDROOT}" = '1' ]
@ -478,6 +478,8 @@ then
    CHROOT=${CHROOT}/${SUBDIR}
 fi

+verbose_kmsg
+
 if [ "$0" = '/linuxrc' ]
 then
 	[ ! -e ${CHROOT}/dev/console ] && mknod ${CHROOT}/dev/console c 5 1
@ -559,13 +561,29 @@ then
       fi
       
       INITRAMFS_FILES=$(echo ${INITRAMFS_FILES}|sed -e "s|newroot||g")
-       (sleep 10; cd /; rm -rf ${INITRAMFS_FILES}) &
-       
+       for i in ${INITRAMFS_FILES}
+       do
+		for j in $(/bin/busybox find /$i)
+		do
+			#/bin/busybox echo "$j"
+			if /bin/busybox [ ! -d "$j" -a "$j" != "/bin/busybox" ]
+			then
+				/bin/busybox rm "$j"
+			fi
+		done
+		for j in $(/bin/busybox find /$i)
+		do
+			if /bin/busybox [ -d ${j} -a "${j}" != "/bin" ]
+			then
+				/bin/busybox rm -r "$j"
+			fi
+		done
+       done
       # End initramfs cleanup

       # Start the real root init
-       
-       exec chroot . /bin/sh <<- EOF
+       (/bin/busybox sleep 2;/bin/busybox rm /bin/busybox) & 
+       exec /bin/busybox chroot . /bin/sh <<- EOF
       exec /sbin/init ${REAL_INIT}
 EOF