3 # QEMU trick to dive user in his own hoe environment
4 # as root in a virualized shadow of his own system
6 # (C) 2013 Pavel Pisa <pisa@cmp.felk.cvut.cz>
8 # THE TSCRIPT IS PROVIDED “AS IS” WITHOUT WARRANTY
9 # OF ANY KIND, EITHER EXPRESSED OR IMPLIED.
11 # There is no limitation of scrip use, modification
12 # and distribution or relicensing.
14 # Some used ideas are documented at CTU FEE A4M35OSP
16 # http://support.dce.felk.cvut.cz/osp/cviceni/2/
17 # http://support.dce.felk.cvut.cz/osp/cviceni/2-en/
19 # and Departemnt Of Control Engineering IT Wiki
20 # https://support.dce.felk.cvut.cz/
23 QEMU=qemu-system-x86_64
24 BUSYBOX=$(which busybox)
25 RESIZE=$(which resize)
26 KERNEL_VERSION=$(uname -r)
27 KERNEL_IMAGE=/boot/vmlinuz-${KERNEL_VERSION}
28 RAMDISK_ARCHIVE=ramdisk.cpio
29 #GEN_INIT_CPIO=$(dirname $0)/gen_init_cpio
30 INITRD_DIR=initrd_content
31 MODULES_LIST="virtio virtio_ring virtio_pci virtio_net virtio_net fscache 9pnet 9pnet_virtio 9p aufs overlay"
33 QEMU_KVM_ENABLE="-enable-kvm"
34 #QEMU_OUTPUT="-vga cirrus -serial null"
35 QEMU_OUTPUT="-nographic -append console=ttyS0"
37 INITRD_DIR_ABS=$(readlink -f ${INITRD_DIR})
39 function libraries_for_binary()
41 ldd $1 | sed -n -e 's#^\t\(/[^ ]*\) .*$#\1#p' -e 's#^\t\([^ ]*\) => \([^ ]\+\) .*$#\2#p'
50 mkdir -p ${tgt_dir}/$(dirname ${src}) || return 1
51 cp -av ${src} ${tgt_dir}/${src#/} || \
52 cp -v ${src} ${tgt_dir}/${src#/} || return 1
59 if [ ${l:0:1} != '/' ] ; then
60 l=$(dirname ${src})/${l}
66 function setup_initrd_content()
68 mkdir -p ${INITRD_DIR_ABS}
69 mkdir -p ${INITRD_DIR_ABS}/bin
70 mkdir -p ${INITRD_DIR_ABS}/etc/init.d
72 LIBS=$(libraries_for_binary ${BUSYBOX})
73 if [ -n "${RESIZE}" ] ; then
74 LIBS+=" "$(libraries_for_binary ${RESIZE})
77 LIBS="$(for i in ${LIBS} ; do echo $i ; done | sort -u)"
80 deep_copy ${i} ${INITRD_DIR_ABS}
83 cp -a ${BUSYBOX} ${INITRD_DIR_ABS}/bin
84 ( cd ${INITRD_DIR_ABS}/bin && ln -s busybox sh )
86 if [ -n "${RESIZE}" ] ; then
87 cp -a ${RESIZE} ${INITRD_DIR_ABS}/bin
91 for m in ${MODULES_LIST} ; do
92 mf=$(find /lib/modules/${KERNEL_VERSION} -name ${m}.ko )
93 if [ -n "${mf}" ] ; then
94 mkdir -p "${INITRD_DIR_ABS}/$(dirname ${mf})"
95 cp -a "${mf}" "${INITRD_DIR_ABS}/${mf#/}"
97 echo "Module ${m} not found"
103 root_dir_list="/proc /sys /dev /mnt /mnt/root /mnt/rootbase /mnt/overlay /tmp"
107 for d in $root_dir_list ; do
112 echo "Starting QEMU trick"
113 mount -t proc none /proc
114 mount -t sysfs none /sys
115 mount -t tmpfs none /dev
118 for m in ${MODULES_LIST} ; do
123 if [ -e /bin/resize ] ; then
124 mv /dev/tty /dev/tty-backup
125 ln -s /dev/console /dev/tty
126 /bin/resize >/tmp/term-size
128 stty cols \$COLUMNS rows \$LINES
130 mv /dev/tty-backup /dev/tty
132 mount -t 9p -o ro,trans=virtio,version=9p2000.u root /mnt/rootbase
133 mount -t tmpfs overlay /mnt/overlay
134 mkdir -p /mnt/overlay/data
136 echo "Ready to setup overlay"
140 if grep -q aufs /proc/filesystems ; then
141 echo "Using aufs to remap root"
142 mount -n -t aufs -o noxino,noatime,dirs=/mnt/overlay/data=rw:/mnt/rootbase=ro aufs-root ${rootmnt}
144 echo "Using overlay to remap root"
145 mkdir -p /mnt/overlay/work
146 mount -n -t overlay -o upperdir=/mnt/overlay/data,workdir=/mnt/overlay/work,lowerdir=/mnt/rootbase overlay-root ${rootmnt}
149 mount -n -o move /dev ${rootmnt}/dev
150 mount -n -o move /sys ${rootmnt}/sys
151 mount -n -o move /proc ${rootmnt}/proc
152 mount -t 9p -o trans=virtio,version=9p2000.u home ${rootmnt}/home
153 mount -t tmpfs none ${rootmnt}/root
154 mount -t tmpfs none ${rootmnt}/tmp
155 mount -t tmpfs none ${rootmnt}/run
156 mount -t tmpfs none ${rootmnt}/var/log
157 mount -t tmpfs none ${rootmnt}/var/tmp
159 rm ${rootmnt}/var/lib/urandom/random-seed
160 rm -rf ${rootmnt}/etc/shadow
161 echo >${rootmnt}/etc/shadow
162 rm -rf ${rootmnt}/etc/ssh
163 mkdir ${rootmnt}/etc/ssh
165 rm -f ${rootmnt}/etc/rc2.d/* ${rootmnt}/etc/rc3.d/* ${rootmnt}/etc/rc4.d/* ${rootmnt}/etc/rc5.d/*
167 rm -rf ${rootmnt}/etc/fstab.d ${rootmnt}/etc/fstab
168 echo >${rootmnt}/etc/fstab
170 rm -rf ${rootmnt}/var/lib/dpkg/lock ${rootmnt}/var/lib/apt/lists/lock ${rootmnt}/var/cache/apt/archives/lock
171 rm -rf ${rootmnt}/etc/apt/apt.conf.d/*etckeeper ${rootmnt}/var/lib/dpkg/triggers/Lock
173 rm -rf ${rootmnt}/etc/network/interfaces.d ${rootmnt}/etc/network/interfaces
174 echo "auto lo eth0" >${rootmnt}/etc/network/interfaces
175 echo "iface lo inet loopback" >>${rootmnt}/etc/network/interfaces
176 echo "iface eth0 inet dhcp" >>${rootmnt}/etc/network/interfaces
178 if [ -e ${rootmnt}/bin/bash ] ; then
184 mv ${rootmnt}/etc/inittab ${rootmnt}/etc/inittab.orig
185 cp ${rootmnt}/etc/inittab.orig ${rootmnt}/etc/inittab
186 sed -i -e '/\/sbin\/.*getty/d' ${rootmnt}/etc/inittab
187 #echo "1:2345:respawn:/bin/sh" >>${rootmnt}/etc/inittab
188 #echo "T0:1234:respawn:/bin/sh" >>${rootmnt}/etc/inittab
190 echo "1:2345:respawn:/sbin/agetty -n -l \${shell} -o '-l' tty1 38400 linux" >>${rootmnt}/etc/inittab
191 echo "2:23:respawn:/sbin/agetty -n -l \${shell} -o '-l' tty2 38400 linux" >>${rootmnt}/etc/inittab
192 echo "T0:23:respawn:/sbin/agetty -n -l \${shell} -o '-l' -L ttyS0 9600 xterm" >>${rootmnt}/etc/inittab
195 echo "Ready to proceed by pivot_root"
199 #mkdir -p ${rootmnt}/overlay/pivot
200 #pivot_root . overlay/pivot
201 #exec chroot . sbin/init
202 exec switch_root ${rootmnt} /sbin/init
205 ) >${INITRD_DIR_ABS}/init
207 chmod 755 ${INITRD_DIR_ABS}/init
212 function build_initrd_gen_init_cpio()
218 nod /dev/tty0 644 0 0 c 4 0
219 nod /dev/tty1 644 0 0 c 4 1
220 nod /dev/tty2 644 0 0 c 4 2
221 nod /dev/tty3 644 0 0 c 4 3
222 nod /dev/tty4 644 0 0 c 4 4
223 #slink /init bin/busybox 700 0 0
227 dir /mnt/root 755 0 0
228 dir /mnt/rootbase 755 0 0
229 dir /mnt/overlay 755 0 0
231 find ${INITRD_DIR} -mindepth 1 -type d -printf "dir /%P %m 0 0\n"
232 find ${INITRD_DIR} -type f -printf "file /%P %p %m 0 0\n"
233 find ${INITRD_DIR} -type l -printf "slink /%P %l %m 0 0\n"
236 $GEN_INIT_CPIO filelist | gzip > ${RAMDISK_ARCHIVE}
241 function build_initrd_cpio()
243 ( cd ${INITRD_DIR_ABS} && find . | cpio --quiet -H newc -o ) | gzip -9 > ${RAMDISK_ARCHIVE}
246 function run_virt_system()
248 $QEMU ${QEMU_KVM_ENABLE} \
249 -kernel ${KERNEL_IMAGE} \
250 -initrd ${RAMDISK_ARCHIVE} ${QEMU_MEMORY} \
251 -virtfs local,path=/,security_model=none,mount_tag=root \
252 -virtfs local,path=/home,security_model=none,mount_tag=home \
253 -net nic,macaddr=be:be:be:10:00:01,model=virtio,vlan=0 \
257 # -chardev can,id=canbus0,port=can0
258 # -device pci-can,chardev=canbus0,model=SJA1000
259 # -device apohw -vga cirrus
260 # -device mf624,port=55555
265 function clean_setup()
267 rm -rf ${RAMDISK_ARCHIVE} filelist ${INITRD_DIR_ABS}
270 if [ "$(whoami)" == "root" ] ; then
271 echo "$0: !!! TOO DANGEROUS TO RUN AS ROOT !!!"
275 clean_setup || exit 1
276 echo "=== setup_initrd_content ==="
277 setup_initrd_content || exit 1
278 echo "=== build_initrd ==="
279 if [ -n "${GEN_INIT_CPIO}" ] ; then
280 build_initrd_gen_init_cpio || exit 1
282 build_initrd_cpio || exit 1
284 echo "=== run_virt_system ==="
285 run_virt_system || exit 1