[aboot]: Add setfacl in the initramfs (#1185)

Arista platforms need the filesystem ACLs to be removed on boot to
prevent invalid permission to be set for new files.

build_debian.sh

@@ -123,6 +123,8 @@ sudo cp files/initramfs-tools/arista-convertfs $FILESYSTEM_ROOT/etc/initramfs-to
 sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-convertfs
 sudo cp files/initramfs-tools/mke2fs $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
 sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
+sudo cp files/initramfs-tools/setfacl $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/setfacl
+sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/setfacl
 
 # Hook into initramfs: rename the management interfaces on arista switches
 sudo cp files/initramfs-tools/arista-net $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-net

files/initramfs-tools/arista-convertfs.j2

@@ -87,6 +87,9 @@ fixup_flash_permissions() {
     # this allows the sonic admin user to have read access on the flash
     local flash_mnt="$1"
     chmod o+rx "$flash_mnt"
+
+    # remove all the filesystem acls from the flash
+    setfacl -Rb "$flash_mnt"
 }
 
 # Extract kernel parameters

files/initramfs-tools/setfacl

@@ -0,0 +1,20 @@
+#!/bin/sh
+#Part of the code is revised based on initramfs-tools/hooks/fsck and initramfs-tool is under GPL v2.
+
+PREREQ=""
+
+prereqs()
+{
+    echo "$PREREQ"
+}
+
+case $1 in
+prereqs)
+    prereqs
+    exit 0
+    ;;
+esac
+
+. /usr/share/initramfs-tools/hook-functions
+
+copy_exec /usr/bin/setfacl /sbin/setfacl