

ref: 1bffc0c7e7563ba9ce6471979cfe18616d36423e
parent: 0316297f063026a385758a2c1167891e51ef1fcb
author: omni <omni+alpine@hack.org>
date: Thu Jan 14 17:01:30 CST 2021

make overlaytmpfs configurable with overlaytmpfsflags

- default mode=0755 for overlaytmpfs; a mode set via overlaytmpfsflags
  overrides it
- enable rootflags & rootfstype options for underlying rootfs
- force read-only mount of "lowerdir" (root-ro) and read-write mode of
  "upperdir" (root-rw) to mitigate user foot gunnery

--- a/initramfs-init.in
+++ b/initramfs-init.in
@@ -346,8 +346,8 @@
 myopts="alpine_dev autodetect autoraid chart cryptroot cryptdm cryptheader cryptoffset
 	cryptdiscards cryptkey debug_init dma init init_args keep_apk_new modules ovl_dev
 	pkgs quiet root_size root usbdelay ip alpine_repo apkovl alpine_start splash
-	blacklist overlaytmpfs rootfstype rootflags nbd resume s390x_net dasd ssh_key
-	BOOTIF zfcp"
+	blacklist overlaytmpfs overlaytmpfsflags rootfstype rootflags nbd resume s390x_net
+	dasd ssh_key BOOTIF zfcp"
 
 for opt; do
 	case "$opt" in
@@ -526,12 +526,21 @@
 	fi
 
 	if [ "$KOPT_overlaytmpfs" = "yes" ]; then
+		# Create mountpoints
 		mkdir -p /media/root-ro /media/root-rw $sysroot/media/root-ro \
 			$sysroot/media/root-rw
-		mount -o ro $KOPT_root /media/root-ro
-		mount -t tmpfs root-tmpfs /media/root-rw
+		# Mount read-only underlying rootfs
+		rootflags="${KOPT_rootflags:+$KOPT_rootflags,}ro"
+		mount ${KOPT_rootfstype:+-t $KOPT_rootfstype} -o $rootflags \
+			$KOPT_root /media/root-ro
+		# Mount writable overlay tmpfs
+		overlaytmpfsflags="mode=0755,${KOPT_overlaytmpfsflags:+$KOPT_overlaytmpfsflags,}rw"
+		mount -t tmpfs -o $overlaytmpfsflags root-tmpfs /media/root-rw
+		# Create additional mountpoints and do the overlay mount
 		mkdir -p /media/root-rw/work /media/root-rw/root
-		mount -t overlay -o lowerdir=/media/root-ro,upperdir=/media/root-rw/root,workdir=/media/root-rw/work overlayfs $sysroot
+		mount -t overlay -o \
+			lowerdir=/media/root-ro,upperdir=/media/root-rw/root,workdir=/media/root-rw/work \
+			overlayfs $sysroot
 	else
 		if [ "$rootfstype" = "zfs" ]; then
 			prepare_zfs_root
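Review bot: The two new `-o` arguments expand boot-parameter text unquoted, so `$rootflags` and `$overlaytmpfsflags` go through word splitting and pathname expansion before mount sees them; each is a single option string and should be quoted, `-o "$rootflags"` and `mount -t tmpfs -o "$overlaytmpfsflags" root-tmpfs /media/root-rw`. The `${KOPT_rootfstype:+-t $KOPT_rootfstype}` expansion does rely on splitting and can stay as written. None of the three mounts is checked, and now that kernel command-line values reach the option strings, a rejected option would leave /media/root-ro or /media/root-rw unmounted while the overlay step still runs on plain directories; whether a later step outside the hunk catches this is not visible here. The forced `ro` and `rw` appear to depend on mount honouring the last of conflicting options, so a comment such as `# ro is appended last so it overrides any rw in rootflags` would keep a later reordering from silently dropping the guarantee. The surrounding if/else starts before and continues past this hunk.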
--- a/mkinitfs-bootparam.7.in
+++ b/mkinitfs-bootparam.7.in
@@ -67,8 +67,13 @@
 Comma-sparated list of kernel modules to load explicitly.
 .TP
 \fBoverlaytmpfs\fR
-When booting from an read-only partition, you can specify this flag to have
-your changes written to an in-memory overlayfs.
+When booting from a read-only filesystem, you can specify this flag to have
+your changes written to an in-memory temporary overlayfs.  The underlying
+filesystem will always be mounted read-only, the overlay always writable.
+.TP
+\fBoverlaytmpfsflags=\fIOPTIONS\fR
+Optional comma-separated list of tmpfs(5) mount options when \fBoverlaytmpfs\fR
+is used.  The default is \fBmode=0755,rw\fR, you cannot override \fBrw\fR.
 .TP
 \fBquiet\fR
 Generate less output.