File 0585-emergency-mode-use-sulogin.patch of Package dracut.16003
From 97ce7a8179dfebe16d072d8d7355af3817512d0d Mon Sep 17 00:00:00 2001
From: Daniel Molkentin <dmolkentin@suse.com>
Date: Wed, 5 Dec 2018 16:52:45 +0100
Subject: [PATCH] emergency mode: use sulogin
- allow emergency login on every console
specified in the kernel cmdline
- require password for hostonly images
- emergency mode: Manually multiplex emergency infos
This will bring all vital information to all ttys specified
as console devices, regardless of wether they hold the C flag.
Reference: FATE#325386
Reference: #449
---
modules.d/98dracut-systemd/dracut-emergency.sh | 29 +++++++++++++++-----------
modules.d/98dracut-systemd/module-setup.sh | 2 ++
modules.d/99base/module-setup.sh | 8 +++++--
3 files changed, 25 insertions(+), 14 deletions(-)
Index: dracut-044/modules.d/98dracut-systemd/dracut-emergency.sh
===================================================================
--- dracut-044.orig/modules.d/98dracut-systemd/dracut-emergency.sh
+++ dracut-044/modules.d/98dracut-systemd/dracut-emergency.sh
@@ -17,20 +17,26 @@ source_hook "$hook"
if getargbool 1 rd.shell -d -y rdshell || getarg rd.break -d rdbreak; then
FSTXT="/usr/share/fsck/fsck_help_$fstype.txt"
+ RDSOSREPORT="$(rdsosreport)"
echo
- rdsosreport
- echo
- echo
- echo 'Entering emergency mode. Exit the shell to continue.'
- echo 'Type "journalctl" to view system logs.'
- echo 'You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot'
- echo 'after mounting them and attach it to a bug report.'
- echo
- echo
- [ -f $FSTXT ] && cat $FSTXT
+ while read _tty rest; do
+ (
+ echo
+ echo $RDSOSREPORT
+ echo
+ echo
+ echo 'Entering emergency mode. Exit the shell to continue.'
+ echo 'Type "journalctl" to view system logs.'
+ echo 'You might want to save "/run/initramfs/rdsosreport.txt" to a USB stick or /boot'
+ echo 'after mounting them and attach it to a bug report.'
+ echo
+ echo
+ [ -f "$FSTXT" ] && cat "$FSTXT"
+ ) > /dev/$_tty
+ done < /dev/consoles
[ -f /etc/profile ] && . /etc/profile
[ -z "$PS1" ] && export PS1="$_name:\${PWD}# "
- exec sh -i -l
+ exec sulogin -e
else
warn "$action has failed. To debug this issue add \"rd.shell rd.debug\" to the kernel command line."
exit 1
Index: dracut-044/modules.d/98dracut-systemd/module-setup.sh
===================================================================
--- dracut-044.orig/modules.d/98dracut-systemd/module-setup.sh
+++ dracut-044/modules.d/98dracut-systemd/module-setup.sh
@@ -59,5 +59,7 @@ install() {
done
inst_simple "$moddir/dracut-tmpfiles.conf" "$tmpfilesdir/dracut-tmpfiles.conf"
+
+ inst_multiple sulogin
}
Index: dracut-044/modules.d/99base/module-setup.sh
===================================================================
--- dracut-044.orig/modules.d/99base/module-setup.sh
+++ dracut-044/modules.d/99base/module-setup.sh
@@ -26,9 +26,13 @@ install() {
(ln -s bash "${initdir}/bin/sh" || :)
fi
- #add common users in /etc/passwd, it will be used by nfs/ssh currently
- egrep '^root:' "$initdir/etc/passwd" 2>/dev/null || echo 'root:x:0:0::/root:/bin/sh' >> "$initdir/etc/passwd"
- egrep '^nobody:' /etc/passwd >> "$initdir/etc/passwd"
+ # add common users in /etc/passwd, it will be used by nfs/ssh currently
+ # use password for hostonly images to facilitate secure sulogin in emergency console
+ [[ $hostonly ]] && pwshadow='x'
+ grep '^root:' "$initdir/etc/passwd" 2>/dev/null || echo "root:$pwshadow:0:0::/root:/bin/sh" >> "$initdir/etc/passwd"
+ grep '^nobody:' /etc/passwd >> "$initdir/etc/passwd"
+
+ [[ $hostonly ]] && grep '^root:' /etc/shadow >> "$initdir/etc/shadow"
# install our scripts and hooks
inst_script "$moddir/init.sh" "/init"