From 16457c869d3fac6a94e204f1edac1ad9fffae55a Mon Sep 17 00:00:00 2001

From: Harald Hoyer <harald@redhat.com>

Date: Tue, 20 Sep 2011 11:16:53 +0200

Subject: [PATCH] mount securityfs in a seperate dracut module

---

 modules.d/96securityfs/module-setup.sh |   15 +++++++++++++++

 modules.d/96securityfs/securityfs.sh   |   10 ++++++++++

 modules.d/98integrity/module-setup.sh  |    2 +-

 modules.d/99base/init                  |    6 ------

 4 files changed, 26 insertions(+), 7 deletions(-)

 create mode 100755 modules.d/96securityfs/module-setup.sh

 create mode 100755 modules.d/96securityfs/securityfs.sh

diff --git a/modules.d/96securityfs/module-setup.sh b/modules.d/96securityfs/module-setup.sh

new file mode 100755

index 0000000..fbe3aa3

--- /dev/null

+++ b/modules.d/96securityfs/module-setup.sh

@@ -0,0 +1,15 @@

+#!/bin/bash

+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-

+# ex: ts=8 sw=4 sts=4 et filetype=sh

+

+check() {

+    return 255

+}

+

+depends() {

+    return 0

+}

+

+install() {

+    inst_hook cmdline 60 "$moddir/securityfs.sh"

+}

diff --git a/modules.d/96securityfs/securityfs.sh b/modules.d/96securityfs/securityfs.sh

new file mode 100755

index 0000000..03ee4dd

--- /dev/null

+++ b/modules.d/96securityfs/securityfs.sh

@@ -0,0 +1,10 @@

+#!/bin/sh

+# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-

+# ex: ts=8 sw=4 sts=4 et filetype=sh

+

+SECURITYFSDIR="/sys/kernel/security"

+export SECURITYFSDIR

+

+if ! ismounted "${SECURITYFSDIR}"; then

+   mount -t securityfs -o nosuid,noexec,nodev securityfs ${SECURITYFSDIR} >/dev/null 2>&1

+fi

diff --git a/modules.d/98integrity/module-setup.sh b/modules.d/98integrity/module-setup.sh

index cab9027..7d5771c 100755

--- a/modules.d/98integrity/module-setup.sh

+++ b/modules.d/98integrity/module-setup.sh

@@ -7,7 +7,7 @@ check() {

 }

 depends() {

-    echo masterkey

+    echo masterkey securityfs

     return 0

 }

diff --git a/modules.d/99base/init b/modules.d/99base/init

index fa808ca..06d61a8 100755

--- a/modules.d/99base/init

+++ b/modules.d/99base/init

@@ -86,12 +86,6 @@ RD_DEBUG=""

 [ ! -d /sys/kernel ] && \

     mount -t sysfs -o nosuid,noexec,nodev sysfs /sys >/dev/null 2>&1

-SECURITYFSDIR="/sys/kernel/security"

-export SECURITYFSDIR

-if ! ismounted "${SECURITYFSDIR}"; then

-    mount -t securityfs -o nosuid,noexec,nodev securityfs ${SECURITYFSDIR} >/dev/null 2>&1

-fi

-

 if [ -x /lib/systemd/systemd-timestamp ]; then

     RD_TIMESTAMP=$(/lib/systemd/systemd-timestamp)

 else