File 0585-emergency-mode-use-sulogin.patch of Package dracut.12460

From 97ce7a8179dfebe16d072d8d7355af3817512d0d Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <dmolkentin@suse.com>
Date: Wed, 5 Dec 2018 16:52:45 +0100
Subject: [PATCH] emergency mode: use sulogin

- allow emergency login on every console
  specified in the kernel cmdline
- require password for hostonly images
- emergency mode: Manually multiplex emergency infos

This will bring all vital information to all ttys specified
as console devices, regardless of wether they hold the C flag.

Reference: FATE#325386
Reference: #449
---
 modules.d/98dracut-systemd/dracut-emergency.sh | 29 +++++++++++++++-----------
 modules.d/98dracut-systemd/module-setup.sh     |  2 ++
 modules.d/99base/module-setup.sh               |  8 +++++--
 3 files changed, 25 insertions(+), 14 deletions(-)

Index: dracut-044/modules.d/98dracut-systemd/dracut-emergency.sh
===================================================================
--- dracut-044.orig/modules.d/98dracut-systemd/dracut-emergency.sh
+++ dracut-044/modules.d/98dracut-systemd/dracut-emergency.sh
@@ -17,20 +17,26 @@ source_hook "$hook"
 
 if getargbool 1 rd.shell -d -y rdshell || getarg rd.break -d rdbreak; then
     FSTXT="/usr/share/fsck/fsck_help_$fstype.txt"
+    RDSOSREPORT="$(rdsosreport)"
     echo
-    rdsosreport
-    echo
-    echo
-    echo 'Entering emergency mode. Exit the shell to continue.'
-    echo 'Type "journalctl" to view system logs.'
-    echo 'You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot'
-    echo 'after mounting them and attach it to a bug report.'
-    echo
-    echo
-    [ -f $FSTXT ] && cat $FSTXT
+    while read _tty rest; do
+        (
+            echo
+            echo $RDSOSREPORT
+            echo
+            echo
+            echo 'Entering emergency mode. Exit the shell to continue.'
+            echo 'Type "journalctl" to view system logs.'
+            echo 'You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot'
+            echo 'after mounting them and attach it to a bug report.'
+            echo
+            echo
+            [ -f "$FSTXT" ] && cat "$FSTXT"
+        ) > /dev/$_tty
+    done < /dev/consoles
     [ -f /etc/profile ] && . /etc/profile
     [ -z "$PS1" ] && export PS1="$_name:\${PWD}# "
-    exec sh -i -l
+    exec sulogin -e
 else
     warn "$action has failed. To debug this issue add \"rd.shell rd.debug\" to the kernel command line."
     exit 1
Index: dracut-044/modules.d/98dracut-systemd/module-setup.sh
===================================================================
--- dracut-044.orig/modules.d/98dracut-systemd/module-setup.sh
+++ dracut-044/modules.d/98dracut-systemd/module-setup.sh
@@ -59,5 +59,7 @@ install() {
     done
 
     inst_simple "$moddir/dracut-tmpfiles.conf" "$tmpfilesdir/dracut-tmpfiles.conf"
+
+    inst_multiple sulogin
 }
 
Index: dracut-044/modules.d/99base/module-setup.sh
===================================================================
--- dracut-044.orig/modules.d/99base/module-setup.sh
+++ dracut-044/modules.d/99base/module-setup.sh
@@ -26,9 +26,13 @@ install() {
         (ln -s bash "${initdir}/bin/sh" || :)
     fi
 
-    #add common users in /etc/passwd, it will be used by nfs/ssh currently
-    egrep '^root:' "$initdir/etc/passwd" 2>/dev/null || echo  'root:x:0:0::/root:/bin/sh' >> "$initdir/etc/passwd"
-    egrep '^nobody:' /etc/passwd >> "$initdir/etc/passwd"
+    # add common users in /etc/passwd, it will be used by nfs/ssh currently
+    # use password for hostonly images to facilitate secure sulogin in emergency console
+    [[ $hostonly ]] && pwshadow='x'
+    grep '^root:' "$initdir/etc/passwd" 2>/dev/null || echo  "root:$pwshadow:0:0::/root:/bin/sh" >> "$initdir/etc/passwd"
+     grep '^nobody:' /etc/passwd >> "$initdir/etc/passwd"
+
+    [[ $hostonly ]] && grep '^root:' /etc/shadow >> "$initdir/etc/shadow"
 
     # install our scripts and hooks
     inst_script "$moddir/init.sh" "/init"