NetBSD-Users archive


Re: minimally non-encrypted cgd setup?



On Sat, Jan 19, 2013 at 01:33:55PM +0100, Magnus Eriksson wrote:
> On Thu, Jan 17, 2013, at 14:14, Matthias Kretschmer wrote:
> > you most probably want to use a CD or USB stick and the
> > pivot root stuff [1].
Where [1] is http://marabu.ch/pivot_root_eurobsdcon_2012/ ...

> Is this something that one can expect to see in the official source tree
> any time soon?
At EuroBSDcon 2012 there was a wide array of feedback from our
community; it spanned from "why?" to "cool". At any rate it was
refreshing to see it through other people's eyes ;-) I am now convinced
that I should actually generalize pivot_root to support not only
pivoting but moving; pivot_root would then be the special case of
moving. Also, this stuff should just be additional options to mount:

    mount -o move  old_mp   new_mp
    mount -o pivot old_root new_root

> I've been looking at using the init.root sysctl for exactly this sort of
> thing, and it's a hassle.
pivot_root will still leave you with some of the hassle: you need
to make sure all the processes have closed and reopened their file
descriptors on the new_root.

By doing it the above way, there could be an astute way to write
/etc/fstab files where the initial root sets up the cgd fs in single
user and then as the system goes multiuser it automatically pivots
into what it prepared. But first I need to move the code into the
mount syscall instead of leaving it in its own syscall as a loadable
kernel module (as in [1]). Blame the day job that I haven't done that
yet...

And yes, I'd like to get it into the tree since I see more yeas than nays!

Adrian

PS I also noticed that the pivot_root code as-is doesn't compile
for the evbarm port - something else I need to fix.

