[aboot]: Add setfacl in the initramfs (#1185)

Arista platforms need the filesystem ACLs to be removed on boot to
prevent invalid permissions from being set on new files.
Samuel Angebault 2017-11-24 17:30:11 -08:00 committed by lguohan
parent dd7e9240c8
commit 7f25b94378
3 changed files with 25 additions and 0 deletions


@ -123,6 +123,8 @@ sudo cp files/initramfs-tools/arista-convertfs $FILESYSTEM_ROOT/etc/initramfs-to
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-convertfs sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-convertfs
sudo cp files/initramfs-tools/mke2fs $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs sudo cp files/initramfs-tools/mke2fs $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
sudo cp files/initramfs-tools/setfacl $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/setfacl
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/setfacl
# Hook into initramfs: rename the management interfaces on arista switches # Hook into initramfs: rename the management interfaces on arista switches
sudo cp files/initramfs-tools/arista-net $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-net sudo cp files/initramfs-tools/arista-net $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-net
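Review bot: The two added lines install a hook that copies `/usr/bin/setfacl` from the build root filesystem, but nothing in this hunk shows the `acl` package being installed under `$FILESYSTEM_ROOT` before the initramfs is generated. If that install is not done elsewhere in the script (outside this hunk), the hook's copy would presumably fail, or the boot-time `setfacl` call would find no binary. A comment above the new lines would record the dependency, for example `# Hook into initramfs: ship setfacl so the aboot boot script can strip flash ACLs (requires the acl package in the rootfs)`.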


@ -87,6 +87,9 @@ fixup_flash_permissions() {
# this allows the sonic admin user to have read access on the flash # this allows the sonic admin user to have read access on the flash
local flash_mnt="$1" local flash_mnt="$1"
chmod o+rx "$flash_mnt" chmod o+rx "$flash_mnt"
# remove all the filesystem acls from the flash
setfacl -Rb "$flash_mnt"
} }
# Extract kernel parameters # Extract kernel parameters
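Review bot: The added `setfacl -Rb "$flash_mnt"` is now the last command in fixup_flash_permissions, so its exit status becomes the function's return value, and a failure is otherwise unreported. If the call fails (the flash filesystem lacks ACL support, or the binary is missing from the initramfs), the ACLs this commit is meant to clear would stay in place with nothing logged. Consider `setfacl -Rb -- "$flash_mnt" || echo "warning: failed to clear ACLs on $flash_mnt" >&2`; the function begins outside this hunk, so it is not visible whether callers depend on the return status. The recursive walk runs over the whole flash each time the function is called, which is worth a short comment on expected cost.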


@ -0,0 +1,20 @@
#!/bin/sh
#Part of the code is revised based on initramfs-tools/hooks/fsck and initramfs-tool is under GPL v2.
PREREQ=""
prereqs()
{
echo "$PREREQ"
}
case $1 in
prereqs)
prereqs
exit 0
;;
esac
. /usr/share/initramfs-tools/hook-functions
copy_exec /usr/bin/setfacl /sbin/setfacl
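Review bot: The new hook has no comment explaining why setfacl is placed in the initramfs or what consumes it; the only comment is the licensing note. A header line such as `# Ship setfacl in the initramfs; the Arista boot script uses it to strip ACLs from the flash` would help, along with a note that `/usr/bin/setfacl` must already exist in the build root filesystem. As a style point, `case $1 in` would be safer written as `case "$1" in`.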