Subject: Re: cgd root [was Re: enabling cgd by default]
To: None <tech-kern@NetBSD.org>
From: Alan Barrett <apb@cequrux.com>
List: tech-kern
Date: 08/08/2007 16:08:04

On Wed, 08 Aug 2007, der Mouse wrote:
> > As for root on cgd, are you aware of the init.root sysctl?
> 
> Um...no?  I couldn't find it in the 3.1 manpages, so I
> went poking around in the -current source tree.  I can't
> find it in usr/src/sys/sys or usr/src/sys/kern, nor in
> usr/src/sbin/sysctl/sysctl.8.  What is it and where is it documented?
> (And why isn't the answer "sysctl(8)"? :)

See the init(8) man page in -current.  After running the outer /etc/rc
in the usual way, init checks whether the init.root sysctl node has been
changed; if it was changed, then init runs the inner /etc/rc in the
chroot, and then enters multiuser mode with all child processes running
in the chroot.

To use this, you simply need the outer /etc/rc to be a custom
script that mounts the encrypted file system, does "sysctl -w
init.root=/chrootdir", and exits.  The inner /etc/rc should be the
standard one supplied with NetBSD.

--apb (Alan Barrett)
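
One way to write the outer /etc/rc described in the reply above, as an added example that is not part of the original post or NetBSD's own script. The device names (cgd0, /dev/wd0e, /dev/cgd0a), the existing cgd parameters file, the helper names, the RUN switch and the `$0` guard are assumptions; only /chrootdir and the init.root node come from the post. It sets init.root only after checking that the mounted tree holds an /etc/rc and a shell.

```shell
#!/bin/sh
# Outer /etc/rc sketch: unlock cgd, mount it, then hand over via init.root.
# Assumed names (not from the post): cgd0, /dev/wd0e, /dev/cgd0a, and a
# cgd parameters file for the device already created with "cgdconfig -g".
# /chrootdir is the path used in the post.
CGD_UNIT=${CGD_UNIT:-cgd0}
CGD_BACKING=${CGD_BACKING:-/dev/wd0e}
CGD_PART=${CGD_PART:-/dev/cgd0a}
CHROOT=${CHROOT:-/chrootdir}
RUN=${RUN:-}    # set RUN=echo to print the commands instead of running them

# The inner tree must at least hold a shell and the standard /etc/rc,
# otherwise init would chroot into something it cannot boot.
inner_root_ok() {
    [ -f "$1/etc/rc" ] && [ -x "$1/bin/sh" ]
}

# Undo the unlock so a failed boot does not leave the decrypted device attached.
teardown() {
    $RUN umount "$CHROOT"
    $RUN cgdconfig -u "$CGD_UNIT"
}

outer_rc() {
    # cgdconfig asks for the passphrase on the console if the params file needs one
    $RUN cgdconfig "$CGD_UNIT" "$CGD_BACKING" || return 1
    $RUN fsck -p "$CGD_PART" || { $RUN cgdconfig -u "$CGD_UNIT"; return 1; }
    $RUN mount "$CGD_PART" "$CHROOT" || { $RUN cgdconfig -u "$CGD_UNIT"; return 1; }
    if ! inner_root_ok "$CHROOT"; then
        echo "outer rc: $CHROOT has no usable /etc/rc, not switching root" >&2
        teardown
        return 1
    fi
    # init checks this node after the outer rc exits (see init(8) in -current)
    $RUN sysctl -w "init.root=$CHROOT"
}

# Run only when installed as /etc/rc (assumption: init invokes sh with that path).
case $0 in
/etc/rc) outer_rc || exit 1 ;;
esac
```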