Hans de Goede wrote:
Hi,
This morning I've been talking to Harald Hoyer about what sort
of commandline options dracut will be needing to find the /
filesystem beside root=UUID=1234567890 .
In most cases (normal disks, dmraid, mdraid, lvm, dmcrypt)
root=UUID=1234567890 should suffice.
However in certain cases for example dracut will need additional
info to find the disks.
We've come to the following plan for iscsi targets:
1) Extend the dhcp_root dhcp variable iscsi syntax to
be able include a username password, so:
iscsi:192.168.50.2::::iqn.2009-06.dracut:target66
Can become:
iscsi:user:pass@xxxxxxxxxxxx::::iqn.2009-06.dracut:target66
Or:
iscsi:user:pass:reverse_user:reverse_pass@xxxxxxxxxxxx::::iqn.2009-06.dracut:target66
2) Pass root-path=iscsi:... on the kernel cmdline, for each needed iscsi
target, so if
necessary this will be passed multiple times, dracut will be modified
to be able
handle multiple root-path arguments being passed in
3) chmod /proc/cmdline 400, so that it cannot be read by ordinary users,
plugging
the passwork leak problem
This does not really plug the leak. Just boot until initramfs is loaded,
pull the network plug and wait until dracut drops us to a (root-)shell.
Now the remaining question is how to implement the adding of the needed
cmdline options to grub.conf.
Question: Is it really necessary to provide username/password to dracut?
Wouldn't it be better to ask the user? I mean if a mount is password
protected, be it cryptroot, nfs4 or whatever, shouldn't the user enter
the data?
Regards,
Philippe
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
