[aboot]: Add setfacl in the initramfs (#1185)
Arista platforms need the filesystem ACLs to be removed on boot to prevent invalid permission to be set for new files.
This commit is contained in:
parent
dd7e9240c8
commit
7f25b94378
@ -123,6 +123,8 @@ sudo cp files/initramfs-tools/arista-convertfs $FILESYSTEM_ROOT/etc/initramfs-to
|
|||||||
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-convertfs
|
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-convertfs
|
||||||
sudo cp files/initramfs-tools/mke2fs $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
|
sudo cp files/initramfs-tools/mke2fs $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
|
||||||
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
|
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/mke2fs
|
||||||
|
sudo cp files/initramfs-tools/setfacl $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/setfacl
|
||||||
|
sudo chmod +x $FILESYSTEM_ROOT/etc/initramfs-tools/hooks/setfacl
|
||||||
|
|
||||||
# Hook into initramfs: rename the management interfaces on arista switches
|
# Hook into initramfs: rename the management interfaces on arista switches
|
||||||
sudo cp files/initramfs-tools/arista-net $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-net
|
sudo cp files/initramfs-tools/arista-net $FILESYSTEM_ROOT/etc/initramfs-tools/scripts/init-premount/arista-net
|
||||||
|
@ -87,6 +87,9 @@ fixup_flash_permissions() {
|
|||||||
# this allows the sonic admin user to have read access on the flash
|
# this allows the sonic admin user to have read access on the flash
|
||||||
local flash_mnt="$1"
|
local flash_mnt="$1"
|
||||||
chmod o+rx "$flash_mnt"
|
chmod o+rx "$flash_mnt"
|
||||||
|
|
||||||
|
# remove all the filesystem acls from the flash
|
||||||
|
setfacl -Rb "$flash_mnt"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Extract kernel parameters
|
# Extract kernel parameters
|
||||||
|
20
files/initramfs-tools/setfacl
Normal file
20
files/initramfs-tools/setfacl
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
#Part of the code is revised based on initramfs-tools/hooks/fsck and initramfs-tool is under GPL v2.
|
||||||
|
|
||||||
|
PREREQ=""
|
||||||
|
|
||||||
|
prereqs()
|
||||||
|
{
|
||||||
|
echo "$PREREQ"
|
||||||
|
}
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
prereqs)
|
||||||
|
prereqs
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
. /usr/share/initramfs-tools/hook-functions
|
||||||
|
|
||||||
|
copy_exec /usr/bin/setfacl /sbin/setfacl
|
Loading…
Reference in New Issue
Block a user