1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
|
#!/bin/sh
# SPDX-License-Identifier: MIT
#
# Copyright 2022 (C), Microsoft Corporation
# Simple initramfs module intended to mount a read-write (RW)
# overlayfs on top of /, keeping the original root filesystem
# as read-only (RO), free from modifications by the user.
#
# NOTE: The read-only IMAGE_FEATURE is not required for this to work
#
# This script is based on the overlay-etc.bbclass, which sets up
# an overlay on top of the /etc directory, but in this case allows
# accessing the original, unmodified rootfs at /rofs after boot.
#
# It relies on the initramfs-module-rootfs to mount the original
# root filesystem, and requires 'rootrw=<foo>' to be passed as a
# kernel parameter, specifying the device/partition intended to
# use as RW.
#
# This module needs to be executed after the initramfs-module-rootfs
# since it relies on it to mount the filesystem at initramfs startup
# but before the finish module which normally switches root.
# After overlayroot is executed the usual boot flow continues from
# the real init process.
#
# If something goes wrong while running this module, the rootfs
# is still mounted RO (with no overlay) and the finish module is
# executed to continue booting normally.
#
# It also has a dependency on overlayfs being enabled in the
# running kernel via KERNEL_FEATURES (kmeta) or any other means.
PATH=/sbin:/bin:/usr/sbin:/usr/bin
# We get OLDROOT from the rootfs module
OLDROOT="/rootfs"
NEWROOT="${RWMOUNT}/root"
RWMOUNT="/overlay"
ROMOUNT="${RWMOUNT}/rofs"
UPPER_DIR="${RWMOUNT}/upper"
WORK_DIR="${RWMOUNT}/work"
MODULES_DIR=/init.d
# Something went wrong, make sure / is mounted as read only anyway.
exit_gracefully() {
echo $1 >/dev/console
echo >/dev/console
echo "OverlayRoot mounting failed, starting system as read-only" >/dev/console
echo >/dev/console
# The following is borrowed from rootfs-postcommands.bbclass
# This basically looks at the real rootfs mounting options and
# replaces them with "ro"
# Tweak the mount option and fs_passno for rootfs in fstab
if [ -f ${OLDROOT}/etc/fstab ]; then
sed -i -e '/^[#[:space:]]*\/dev\/root/{s/defaults/ro/;s/\([[:space:]]*[[:digit:]]\)\([[:space:]]*\)[[:digit:]]$/\1\20/}' ${OLDROOT}/etc/fstab
fi
# Tweak the "mount -o remount,rw /" command in busybox-inittab inittab
if [ -f ${OLDROOT}/etc/inittab ]; then
sed -i 's|/bin/mount -o remount,rw /|/bin/mount -o remount,ro /|' ${OLDROOT}/etc/inittab
fi
# Continue as if the overlayroot module didn't exist to continue booting
. $MODULES_DIR/99-finish
eval "finish_run"
}
if [ -z "$bootparam_rootrw" ]; then
exit_gracefully "rootrw= kernel parameter doesn't exist and its required to mount the overlayfs"
fi
mkdir -p ${RWMOUNT}
# Mount RW device
if mount -n -t ${bootparam_rootfstype:-ext4} -o ${bootparam_rootflags:-defaults} ${bootparam_rootrw} ${RWMOUNT}
then
# Set up overlay directories
mkdir -p ${UPPER_DIR}
mkdir -p ${WORK_DIR}
mkdir -p ${NEWROOT}
mkdir -p ${ROMOUNT}
# Remount OLDROOT as read-only
mount -o bind ${OLDROOT} ${ROMOUNT}
mount -o remount,ro ${ROMOUNT}
# Mount RW overlay
mount -t overlay overlay -o lowerdir=${ROMOUNT},upperdir=${UPPER_DIR},workdir=${WORK_DIR} ${NEWROOT} || exit_gracefully "initramfs-overlayroot: Mounting overlay failed"
else
exit_gracefully "initramfs-overlayroot: Mounting RW device failed"
fi
# Set up filesystems on overlay
mkdir -p ${NEWROOT}/proc
mkdir -p ${NEWROOT}/dev
mkdir -p ${NEWROOT}/sys
mkdir -p ${NEWROOT}/rofs
mount -n --move ${ROMOUNT} ${NEWROOT}/rofs
mount -n --move /proc ${NEWROOT}/proc
mount -n --move /sys ${NEWROOT}/sys
mount -n --move /dev ${NEWROOT}/dev
exec chroot ${NEWROOT}/ ${bootparam_init:-/sbin/init} || exit_gracefully "Couldn't chroot into overlay"
|
