>> By introducing shared libraries as a static root, to my perception,
>> this introduces one more point of failure.
>
>Yes, that's why we now have /rescue, and why you can tell the kernel to
>look for /rescue/init. We talked about auto-failover (if /sbin/init fails
>try /rescue/init or some such) but the problem is how to tell when
>"loading" is finished; we panic if init exists, so when do we know to
>panic or look at /rescue/init...

this thread has grown too far and too fast for me to read it all, but
unless someone has covered this already...

...i think it would be fair for the kernel to assume that init
"worked" (as opposed to failing to exec, or experiencing a shared
library linking problem) if fork or exec is called subsequent to

        wakeup((void *)&start_init_exec);

if init exits and the flag is not set, the kernel can assume that that
particular init binary failed and try the next one.

the implementation is, of course, left to the reader.  :)

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."