linuxrc that should not create avc denied messages for a hardened system.
authorEric Edgar <rocket@gentoo.org>
Mon, 27 Jun 2005 15:25:33 +0000 (15:25 +0000)
committerEric Edgar <rocket@gentoo.org>
Mon, 27 Jun 2005 15:25:33 +0000 (15:25 +0000)
git-svn-id: svn+ssh://svn.gentoo.org/var/svnroot/genkernel/trunk@228 67a159dc-881f-0410-a524-ba9dfbe2cb84

generic/linuxrc

index 8127b1f39b23e78bc44a69425843497cfaceebc2..133badf949ffcdcc043fa59c296a066d420bd20a 100644 (file)
@@ -298,7 +298,7 @@ do
 done
 # End determine root device
 
-verbose_kmsg
+#verbose_kmsg
 
 # If cdroot is set determine the looptype to boot
 if [ "${CDROOT}" = '1' ]
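Review bot: The old call is left behind as `#verbose_kmsg` with nothing saying why it moved, so the next reader cannot tell a deliberate reordering from forgotten debugging. Since the same call is re-added in the hunk at line 478, either delete the dead line or replace it with a why-comment such as `# verbose_kmsg is deferred until just before the root switch`. If the move is what avoids the AVC denials named in the commit message, which the hunks do not show, that reason belongs in the comment too.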
@@ -478,6 +478,8 @@ then
     CHROOT=${CHROOT}/${SUBDIR}
 fi
 
+verbose_kmsg
+
 if [ "$0" = '/linuxrc' ]
 then
        [ ! -e ${CHROOT}/dev/console ] && mknod ${CHROOT}/dev/console c 5 1
@@ -559,13 +561,29 @@ then
        fi
        
        INITRAMFS_FILES=$(echo ${INITRAMFS_FILES}|sed -e "s|newroot||g")
-       (sleep 10; cd /; rm -rf ${INITRAMFS_FILES}) &
-       
+       for i in ${INITRAMFS_FILES}
+       do
+               for j in $(/bin/busybox find /$i)
+               do
+                       #/bin/busybox echo "$j"
+                       if /bin/busybox [ ! -d "$j" -a "$j" != "/bin/busybox" ]
+                       then
+                               /bin/busybox rm "$j"
+                       fi
+               done
+               for j in $(/bin/busybox find /$i)
+               do
+                       if /bin/busybox [ -d ${j} -a "${j}" != "/bin" ]
+                       then
+                               /bin/busybox rm -r "$j"
+                       fi
+               done
+       done
        # End initramfs cleanup
 
        # Start the real root init
-       
-       exec chroot . /bin/sh <<- EOF
+       (/bin/busybox sleep 2;/bin/busybox rm /bin/busybox) & 
+       exec /bin/busybox chroot . /bin/sh <<- EOF
        exec /sbin/init ${REAL_INIT}
 EOF
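Review bot: Both cleanup loops iterate over an unquoted `$(/bin/busybox find /$i)` while deleting as root, so a path containing whitespace or glob characters is split or expanded before it reaches `rm`. The second pass also tests an unquoted `${j}` where the first pass quotes it. Quote consistently, `if /bin/busybox [ -d "${j}" -a "${j}" != "/bin" ]`, and read the names with `/bin/busybox find "/$i" | while read -r j` rather than `for`. The walk also descends into anything still mounted below the listed directories (the contents of INITRAMFS_FILES are not visible here), so if the bundled busybox `find` is built with `-xdev`, adding it would keep the deletion on the initramfs. The hunk header counts one more line than is shown, and the enclosing `if` block starts outside the hunk.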