Git-Mirrors/reliant-system
1
0
Fork 0
mirror of https://codeberg.org/andersonarc/reliant-system.git synced 2025-11-14 13:20:37 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

quickfix: patch verification, mount --mkdir, add rmdir to initramfs

Browse source
This commit is contained in:
Anderson Rosenberg 2025-10-22 19:34:10 -04:00
parent 4ac936df5b
commit 6759eba47e
No known key found for this signature in database
GPG key ID: 7ACF448C0590AB9C
5 changed files with 6 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

2
README.md
View file

@ -94,7 +94,7 @@ action=accept dst4=1.1.1.1 dstports=80 proto=tcp
```
Due to potential security implications of arbitrary code execution (firewall.rules is not sanitized when a volume is unsealed), the user is asked for manual confirmation before the firewall configuration is executed.
### Commandline arguments
### Commandline argumentop
- `systemd.volatile=overlay` controls the switch between Protected Mode (when present) and Maintenance Mode (when omitted)
- `reliant.e2fsck` runs `e2fsck -p` on every volume before mount to avoid needing an extra reboot in case of accidental data corruption

2
dracut/99reliant/module-setup.sh
View file

@ -37,7 +37,7 @@ install() {
inst /etc/reliant.conf
# Other binaries
inst_multiple dmesg lsblk blockdev mount dd wc sed sort sleep md5sum find modprobe cut grep mkdir rm tail
inst_multiple dmesg lsblk blockdev mount dd wc sed sort sleep md5sum find modprobe cut grep mkdir rm rmdir tail
# Optional profiling
if [ "$RELIANT_PROFILING" = "true" ]; then

2
tools/reliant-mount
View file

@ -38,7 +38,7 @@ done
dvl_required=$RELIANT_FALSE
for argument in $(cat /proc/cmdline); do
if [[ "$argument" == reliant.dvl=* ]]; then
dvl_id="${argument##*/}"
dvl_id="${argument##*=}"
dvl_required=$RELIANT_TRUE
fi
done

4
tools/reliant-profiling-patch-systemd
View file

@ -15,8 +15,8 @@ done
# Verify the patch has succeeded
for hex_offset in $hex_offsets; do
echo -n "$hex_offset: "
opcode=$(objdump -d "$target" | grep $hex_offset | awk '{ print $3 }')
if [ $opcode -eq 90 ]; then
opcode=$(objdump -d "$target" | grep $hex_offset | awk '{ print $2 }')
if [ "$opcode" -eq 90 ]; then
echo "OK"
else
echo "FAIL"

3
tools/reliant-unseal
View file

@ -28,8 +28,7 @@ blockdev --setrw "$device"
echo "Done."
echo -n "Unsealing mountpoint... "
mkdir "/run/shufflecake/$name"
mount -o rw,noatime,nodiratime "$device" "/run/shufflecake/$name"
mount -o rw,noatime,nodiratime --mkdir=0750 "$device" "/run/shufflecake/$name"
echo "Done."
# Check if we were given a qube list