From 5842219f3803338cb00d3fbc886948da31adb626 Mon Sep 17 00:00:00 2001
From: Eric Edgar
Date: Mon, 27 Jun 2005 15:25:33 +0000
Subject: [PATCH] linuxrc that should not create avc denied messages for a hardened system.

git-svn-id: svn+ssh://svn.gentoo.org/var/svnroot/genkernel/trunk@228 67a159dc-881f-0410-a524-ba9dfbe2cb84
---
 generic/linuxrc | 28 +++++++++++++++++++++++-----
 1 file changed, 23 insertions(+), 5 deletions(-)

diff --git a/generic/linuxrc b/generic/linuxrc
index 8127b1f..133badf 100644
--- a/generic/linuxrc
+++ b/generic/linuxrc
@@ -298,7 +298,7 @@ do
 done
 # End determine root device
-verbose_kmsg
+#verbose_kmsg
 # If cdroot is set determine the looptype to boot
 if [ "${CDROOT}" = '1' ]
@@ -478,6 +478,8 @@ then
 CHROOT=${CHROOT}/${SUBDIR}
 fi
+verbose_kmsg
+
 if [ "$0" = '/linuxrc' ]
 then
 [ ! -e ${CHROOT}/dev/console ] && mknod ${CHROOT}/dev/console c 5 1
@@ -559,13 +561,29 @@ then
 fi
 INITRAMFS_FILES=$(echo ${INITRAMFS_FILES}|sed -e "s|newroot||g")
- (sleep 10; cd /; rm -rf ${INITRAMFS_FILES}) &
-
+ for i in ${INITRAMFS_FILES}
+ do
+ for j in $(/bin/busybox find /$i)
+ do
+ #/bin/busybox echo "$j"
+ if /bin/busybox [ ! -d "$j" -a "$j" != "/bin/busybox" ]
+ then
+ /bin/busybox rm "$j"
+ fi
+ done
+ for j in $(/bin/busybox find /$i)
+ do
+ if /bin/busybox [ -d ${j} -a "${j}" != "/bin" ]
+ then
+ /bin/busybox rm -r "$j"
+ fi
+ done
+ done
 # End initramfs cleanup
 # Start the real root init
-
- exec chroot . /bin/sh <<- EOF
+ (/bin/busybox sleep 2;/bin/busybox rm /bin/busybox) &
+ exec /bin/busybox chroot . /bin/sh <<- EOF
 exec /sbin/init ${REAL_INIT}
 EOF
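Review bot: The `#verbose_kmsg` left at the old call site in the first hunk is commented-out code with no explanation, and the call re-added in the second hunk (just before the `[ "$0" = '/linuxrc' ]` check) carries no comment either. Delete the commented line, and put a one-line comment above the new call stating why it has to run at that point; the commit subject suggests the move relates to AVC denials on hardened systems, but nothing in the code says so. Both hunks sit inside blocks that start and end outside the visible context.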
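Review bot: Both `for j in $(/bin/busybox find /$i)` loops in the third hunk word-split and glob-expand find's output while the working directory is the future root (the `chroot .` a few lines below implies that). A path containing whitespace could therefore produce a relative fragment that `/bin/busybox rm` resolves against the real root filesystem instead of the initramfs. Reading the list line by line avoids this, `/bin/busybox find "/$i" | while IFS= read -r j`, and the second test should quote its operand the way the first does: `[ -d "${j}" -a "${j}" != "/bin" ]`. Separately, `(/bin/busybox sleep 2;/bin/busybox rm /bin/busybox) &` still outlives the `exec` by a fixed delay, so whether it completes before the real init loads its policy looks timing-dependent; a comment stating why two seconds is considered safe would help. The enclosing `then` block starts outside the hunk.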