dracut-051-alt1.x86_64 unsafe-tmp-usage-in-scripts fail The test found scripts with flaws that a local user could exploit to damage important system files. For example, if a script works with a temporary file at a fixed or predictable path in the /tmp directory, any user can create a symlink with the same name (or matching the same pattern) in that directory beforehand; the script's write then follows the symlink and destroys or overwrites a system file or another user's file. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is accessible only by that user, and then sets TMPDIR and other variables to it. Hence, a non-random filename matters much less there, because nobody but you can access it. The excerpts below show grep context around every /tmp/ reference; some matches are reads, existence checks or comments rather than writes, so each hit needs to be reviewed individually. Found error in /usr/lib/dracut/modules.d/99base/init.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/99base/init.sh # # Copyright 2008-2010, Red Hat, Inc. # Harald Hoyer # Jeremy Katz export -p > /tmp/export.orig NEWROOT="/sysroot" [ -d $NEWROOT ] || mkdir -p -m 0755 $NEWROOT OLDPATH=$PATH -- echo "$line" >> /etc/cmdline.d/99-cmdline-ask.conf done fi if ! getargbool 1 'rd.hostonly'; then [ -f /etc/cmdline.d/99-cmdline-ask.conf ] && mv /etc/cmdline.d/99-cmdline-ask.conf /tmp/99-cmdline-ask.conf remove_hostonly_files [ -f /tmp/99-cmdline-ask.conf ] && mv /tmp/99-cmdline-ask.conf /etc/cmdline.d/99-cmdline-ask.conf fi # run scriptlets to parse the command line make_trace_mem "hook cmdline" '1+:mem' '1+:iomem' '3+:slab' getarg 'rd.break=cmdline' -d 'rdbreak=cmdline' && emergency_shell -n cmdline "Break before cmdline" -- :;; *) unset "$i";; esac done . 
/tmp/export.orig 2>/dev/null || : rm -f -- /tmp/export.orig initargs="" read CLINE /dev/null ; then ignoreargs="console BOOT_IMAGE" Found error in /usr/lib/dracut/modules.d/98syslog/rsyslogd-start.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/98syslog/rsyslogd-start.sh set -f for filter in $filters; do echo "${filter} @${server}" done ) #echo "*.* /tmp/syslog" } [ -f /tmp/syslog.type ] && read type < /tmp/syslog.type [ -f /tmp/syslog.server ] && read server < /tmp/syslog.server [ -f /tmp/syslog.filters ] && read filters < /tmp/syslog.filters [ -z "$filters" ] && filters="kern.*" [ -f /tmp/syslog.conf ] && read conf < /tmp/syslog.conf [ -z "$conf" ] && conf="/etc/rsyslog.conf" && echo "$conf" > /tmp/syslog.conf if [ $type = "rsyslogd" ]; then template=/etc/templates/rsyslog.conf if [ -n "$server" ]; then rsyslog_config "$server" "$template" "$filters" > $conf Found error in /usr/lib/dracut/modules.d/98syslog/parse-syslog-opts.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/98syslog/parse-syslog-opts.sh syslogserver=$(getarg syslog.server -d syslog) syslogfilters=$(getargs syslog.filter -d filter) syslogtype=$(getarg syslog.type -d syslogtype) [ -n "$syslogserver" ] && echo $syslogserver > /tmp/syslog.server [ -n "$syslogfilters" ] && echo "$syslogfilters" > /tmp/syslog.filters if [ -n "$syslogtype" ]; then echo "$syslogtype" > /tmp/syslog.type else syslogtype=$(detect_syslog) echo $syslogtype > /tmp/syslog.type fi Found error in /usr/lib/dracut/modules.d/95nvmf/parse-nvmf-boot-connections.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/95nvmf/parse-nvmf-boot-connections.sh [ -f "/etc/nvme/hostid" ] || exit 0 if [ -f "/etc/nvme/discovery.conf" ] ; then /sbin/initqueue --settled --onetime --unique --name nvme-discover /usr/sbin/nvme connect-all if [ "$trtype" = "tcp" ] ; then > /tmp/net.$ifname.did-setup fi else # No nvme command line arguments present, try autodiscovery if [ "$trtype" = "fc" ] ; then /sbin/initqueue --finished --onetime --unique --name 
nvme-fc-autoconnect /sbin/nvmf-autoconnect.sh Found error in /usr/lib/dracut/modules.d/90dmraid/dmraid.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmraid/dmraid.sh type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh dev="$1" devenc=$(str_replace "$1" '/' '\2f') [ -e /tmp/dmraid.$devenc ] && exit 0 >/tmp/dmraid.$devenc DM_RAIDS=$(getargs rd.dm.uuid -d rd_DM_UUID=) if [ -n "$DM_RAIDS" ] || getargbool 0 rd.auto; then Found error in /usr/lib/dracut/modules.d/90crypt/probe-keydev.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90crypt/probe-keydev.sh info "Probing $real_keydev for $keypath..." test_dev -f "$real_keydev" "$keypath" || exit 1 info "Found $keypath on $real_keydev" echo "$luksdev:$real_keydev:$keypath" >> /tmp/luks.keys Found error in /usr/lib/dracut/modules.d/90crypt/parse-keydev.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90crypt/parse-keydev.sh fi # A keydev of '/' is treated as the initrd itself if [ "/" = "$keydev" ]; then [ -z "$luksdev" ] && luksdev='*' echo "$luksdev:$keydev:$keypath" >> /tmp/luks.keys continue elif [ -n "$keydev" ]; then udevmatch "$keydev" >&7 || { warn 'keydev incorrect!' continue Found error in /usr/lib/dracut/modules.d/04watchdog/watchdog.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/04watchdog/watchdog.sh #!/bin/sh if [ -e /dev/watchdog ]; then if [ ! -e /tmp/watchdog_timeout ]; then wdctl -s 60 /dev/watchdog >/dev/null 2>&1 > /tmp/watchdog_timeout fi info "Triggering watchdog" >/dev/watchdog else modprobe ib700wdt; dracut-live-051-alt1.noarch unsafe-tmp-usage-in-scripts fail The test found scripts with flaws that a local user could exploit to damage important system files. For example, if a script works with a temporary file at a fixed or predictable path in the /tmp directory, any user can create a symlink with the same name (or matching the same pattern) in that directory beforehand; the script's write then follows the symlink and destroys or overwrites a system file or another user's file. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. 
$TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is accessible only by that user, and then sets TMPDIR and other variables to it. Hence, a non-random filename matters much less there, because nobody but you can access it. The excerpts below show grep context around every /tmp/ reference; some matches are reads, existence checks or comments rather than writes, so each hit needs to be reviewed individually. Found error in /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90livenet/parse-livenet.sh # live updates updates=$(getarg live.updates=) if [ -n "$updates" ]; then # make sure network comes up even if we're doing a local live device if [ -z "$netroot" ]; then echo > /tmp/net.ifaces fi echo "$updates" > /tmp/liveupdates.info echo '[ -e /tmp/liveupdates.done ]' > \ $hookdir/initqueue/finished/liveupdates.sh fi str_starts "$root" "live:" && liveurl="$root" str_starts "$liveurl" "live:" || return Found error in /usr/lib/dracut/modules.d/90livenet/livenetroot.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90livenet/livenetroot.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin RETRIES=${RETRIES:-100} SLEEP=${SLEEP:-5} [ -e /tmp/livenet.downloaded ] && exit 0 # args get passed from 40network/netroot netroot="$2" liveurl="${netroot#livenet:}" info "fetching $liveurl" -- sleep $SLEEP fi i=$((i + 1)) done > /tmp/livenet.downloaded # TODO: couldn't dmsquash-live-root handle this? 
if [ ${imgfile##*.} = "iso" ]; then root=$(losetup -f) losetup $root $imgfile Found error in /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/iso-scan.sh do_iso_scan() { local _name local dev for dev in /dev/disk/by-uuid/*; do _name=$(dev_unit_name "$dev") [ -e /tmp/isoscan-${_name} ] && continue > /tmp/isoscan-${_name} mount -t auto -o ro "$dev" "/run/initramfs/isoscan" || continue if [ -f "/run/initramfs/isoscan/$isofile" ]; then losetup -f "/run/initramfs/isoscan/$isofile" ln -s $dev /run/initramfs/isoscandev rm -f -- "$job" Found error in /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/90dmsquash-live/dmsquash-live-root.sh command -v unpack_archive >/dev/null || . /lib/img-lib.sh PATH=/usr/sbin:/usr/bin:/sbin:/bin if getargbool 0 rd.live.debug -n -y rdlivedebug; then exec > /tmp/liveroot.$$.out exec 2>> /tmp/liveroot.$$.out set -x fi [ -z "$1" ] && exit 1 livedev="$1"; dracut-network-051-alt1.noarch unsafe-tmp-usage-in-scripts fail The test found scripts with flaws that a local user could exploit to damage important system files. For example, if a script works with a temporary file at a fixed or predictable path in the /tmp directory, any user can create a symlink with the same name (or matching the same pattern) in that directory beforehand; the script's write then follows the symlink and destroys or overwrites a system file or another user's file. Scripts _must_ _use_ mktemp/tempfile or must use $TMPDIR. mktemp/tempfile is safest. $TMPDIR is safer than /tmp/ because libpam-tmpdir creates a subdirectory of /tmp that is accessible only by that user, and then sets TMPDIR and other variables to it. Hence, a non-random filename matters much less there, because nobody but you can access it. The excerpts below show grep context around every /tmp/ reference; some matches are reads, existence checks or comments rather than writes, so each hit needs to be reviewed individually. 
Found error in /usr/lib/dracut/modules.d/95iscsi/parse-iscsiroot.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/95iscsi/parse-iscsiroot.sh [ -z "$netroot" ] && netroot=iscsi: fi modprobe -b -q iscsi_boot_sysfs 2>/dev/null modprobe -b -q iscsi_ibft # if no ip= is given, but firmware echo "${DRACUT_SYSTEMD+systemctl is-active initrd-root-device.target || }[ -f '/tmp/iscsistarted-firmware' ]" > $hookdir/initqueue/finished/iscsi_started.sh initqueue --unique --online /sbin/iscsiroot online "iscsi:" "$NEWROOT" initqueue --unique --onetime --timeout /sbin/iscsiroot timeout "iscsi:" "$NEWROOT" initqueue --unique --onetime --settled /sbin/iscsiroot online "iscsi:" "'$NEWROOT'" fi -- sleep 1 fi fi # If not given on the cmdline and initiator-name available via iBFT if [ -z $iscsi_initiator ] && [ -f /sys/firmware/ibft/initiator/initiator-name ] && ! [ -f /tmp/iscsi_set_initiator ]; then iscsi_initiator=$(while read line || [ -n "$line" ]; do echo $line;done < /sys/firmware/ibft/initiator/initiator-name) if [ -n "$iscsi_initiator" ]; then echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi rm -f /etc/iscsi/initiatorname.iscsi mkdir -p /etc/iscsi ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi > /tmp/iscsi_set_initiator if [ -n "$DRACUT_SYSTEMD" ]; then systemctl try-restart iscsid # FIXME: iscsid is not yet ready, when the service is :-/ sleep 1 fi -- for nroot in $(getargs netroot); do [ "${nroot%%:*}" = "iscsi" ] || continue type parse_iscsi_root >/dev/null 2>&1 || . /lib/net-lib.sh parse_iscsi_root "$nroot" || return 1 netroot_enc=$(str_replace "$nroot" '/' '\2f') echo "${DRACUT_SYSTEMD+systemctl is-active initrd-root-device.target || }[ -f '/tmp/iscsistarted-$netroot_enc' ]" > $hookdir/initqueue/finished/iscsi_started.sh done # Done, all good! 
rootok=1 Found error in /usr/lib/dracut/modules.d/95iscsi/iscsiroot.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/95iscsi/iscsiroot.sh modprobe crc32c 2>/dev/null # start iscsiuio if needed if [ -z "${DRACUT_SYSTEMD}" ] && \ ( [ -e /sys/module/bnx2i ] || [ -e /sys/module/qedi ] ) && \ ! [ -e /tmp/iscsiuio-started ]; then iscsiuio > /tmp/iscsiuio-started fi handle_firmware() { -- # the iSCSI sessions will still be present. if ! iscsiadm -m fw; then warn "iscsiadm: Could not get list of targets from firmware." else ifaces=$(set -- /sys/firmware/ibft/ethernet*; echo $#) retry=$(cat /tmp/session-retry) if [ $retry -lt $ifaces ]; then retry=$((retry+1)) echo $retry > /tmp/session-retry return 1 else rm /tmp/session-retry fi if ! iscsiadm -m fw -l; then warn "iscsiadm: Log-in to iscsi target failed" else need_shutdown fi fi [ -d /sys/class/iscsi_session ] || return 1 echo 'started' > "/tmp/iscsistarted-iscsi:" echo 'started' > "/tmp/iscsistarted-firmware" return 0 } -- # XXX is this needed? getarg ro && iscsirw=ro getarg rw && iscsirw=rw fsopts=${fsopts:+$fsopts,}${iscsirw} if [ -z "$iscsi_initiator" ] && [ -f /sys/firmware/ibft/initiator/initiator-name ] && ! 
[ -f /tmp/iscsi_set_initiator ]; then iscsi_initiator=$(while read line || [ -n "$line" ]; do echo $line;done < /sys/firmware/ibft/initiator/initiator-name) echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi rm -f /etc/iscsi/initiatorname.iscsi mkdir -p /etc/iscsi ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi > /tmp/iscsi_set_initiator if [ -n "$DRACUT_SYSTEMD" ]; then systemctl try-restart iscsid # FIXME: iscsid is not yet ready, when the service is :-/ sleep 1 fi -- iscsi_initiator=$(iscsi-iname) echo "InitiatorName=$iscsi_initiator" > /run/initiatorname.iscsi rm -f /etc/iscsi/initiatorname.iscsi mkdir -p /etc/iscsi ln -fs /run/initiatorname.iscsi /etc/iscsi/initiatorname.iscsi > /tmp/iscsi_set_initiator if [ -n "$DRACUT_SYSTEMD" ]; then systemctl try-restart iscsid # FIXME: iscsid is not yet ready, when the service is :-/ sleep 1 fi -- return 1 fi > $hookdir/initqueue/work netroot_enc=$(str_replace "$1" '/' '\2f') echo 'started' > "/tmp/iscsistarted-iscsi:${netroot_enc}" return 0 } ret=0 -- sleep 2 fi if getargbool 0 rd.iscsi.firmware -d -y iscsi_firmware ; then if [ "$netif" = "timeout" ] || [ "$netif" = "online" ] || [ "$netif" = "dummy" ]; then [ -f /tmp/session-retry ] || echo 1 > /tmp/session-retry handle_firmware ret=$? fi fi Found error in /usr/lib/dracut/modules.d/45ifcfg/write-ifcfg.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/45ifcfg/write-ifcfg.sh #!/bin/sh # NFS root might have reached here before /tmp/net.ifaces was written type is_persistent_ethernet_name >/dev/null 2>&1 || . 
/lib/net-lib.sh udevadm settle --timeout=30 mkdir -m 0755 -p /tmp/ifcfg/ mkdir -m 0755 -p /tmp/ifcfg-leases/ get_config_line_by_subchannel() { local CHANNEL local line -- fi echo "DEVICE=\"$_netif\"" } for netup in /tmp/net.*.did-setup ; do [ -f $netup ] || continue netif=${netup%%.did-setup} netif=${netif##*/net.} strglobin "$netif" ":*:*:*:*:" && continue [ -e /tmp/ifcfg/ifcfg-$netif ] && continue unset bridge unset bond unset bondslaves unset bondname unset bondoptions -- unset ethname unset vlan unset vlanname unset phydevice [ -e /tmp/bond.${netif}.info ] && . /tmp/bond.${netif}.info [ -e /tmp/bridge.${netif}.info ] && . /tmp/bridge.${netif}.info [ -e /tmp/team.${netif}.info ] && . /tmp/team.${netif}.info uuid=$(cat /proc/sys/kernel/random/uuid) if [ "$netif" = "$bridgename" ]; then bridge=yes elif [ "$netif" = "$teammaster" ]; then -- elif [ "$netif" = "$bondname" ]; then # $netif can't be bridge and bond at the same time bond=yes fi for i in /tmp/vlan.${netif}.*; do [ ! -e "$i" ] && continue . "$i" vlan=yes break done -- [ -z "$vlan" ] && interface_bind "$netif" "$macaddr" echo "ONBOOT=yes" echo "NETBOOT=yes" echo "UUID=\"$uuid\"" strstr "$(ip -6 addr show dev $netif)" 'inet6' && echo "IPV6INIT=yes" if [ -f /tmp/dhclient.$netif.lease ]; then [ -f /tmp/dhclient.$netif.dhcpopts ] && . /tmp/dhclient.$netif.dhcpopts if [ -f /tmp/net.$netif.has_ibft_config ]; then echo "BOOTPROTO=ibft" else echo "BOOTPROTO=dhcp" fi cp /tmp/dhclient.$netif.lease /tmp/ifcfg-leases/dhclient-$uuid-$netif.lease else # If we've booted with static ip= lines, the override file is there [ -e /tmp/net.$netif.override ] && . 
/tmp/net.$netif.override if strglobin "$ip" '*:*:*'; then echo "IPV6INIT=yes" echo "IPV6_AUTOCONF=no" echo "IPV6ADDR=\"$ip/$mask\"" else if [ -f /tmp/net.$netif.has_ibft_config ]; then echo "BOOTPROTO=ibft" else echo "BOOTPROTO=none" echo "IPADDR=\"$ip\"" if strstr "$mask" "."; then -- elif [ -n "$gw" ]; then echo "GATEWAY=\"$gw\"" fi fi [ -n "$mtu" ] && echo "MTU=\"$mtu\"" } > /tmp/ifcfg/ifcfg-$netif # bridge needs different things written to ifcfg if [ -z "$bridge" ] && [ -z "$bond" ] && [ -z "$vlan" ] && [ -z "$team" ]; then # standard interface echo "TYPE=Ethernet" >> /tmp/ifcfg/ifcfg-$netif fi if [ -n "$vlan" ] ; then { echo "TYPE=Vlan" echo "DEVICE=\"$netif\"" echo "VLAN=yes" echo "PHYSDEV=\"$phydevice\"" } >> /tmp/ifcfg/ifcfg-$netif fi if [ -n "$bond" ] ; then # bond interface { # This variable is an indicator of a bond interface for initscripts echo "BONDING_OPTS=\"$bondoptions\"" echo "NAME=\"$netif\"" echo "TYPE=Bond" } >> /tmp/ifcfg/ifcfg-$netif for slave in $bondslaves ; do # write separate ifcfg file for the raw eth interface ( echo "# Generated by dracut initrd" -- echo "NETBOOT=yes" echo "SLAVE=yes" echo "MASTER=\"$netif\"" echo "UUID=\"$(cat /proc/sys/kernel/random/uuid)\"" unset macaddr [ -e /tmp/net.$slave.override ] && . /tmp/net.$slave.override interface_bind "$slave" "$macaddr" ) >> /tmp/ifcfg/ifcfg-$slave done fi if [ -n "$bridge" ] ; then # bridge { echo "TYPE=Bridge" echo "NAME=\"$netif\"" } >> /tmp/ifcfg/ifcfg-$netif for slave in $bridgeslaves ; do # write separate ifcfg file for the raw eth interface ( echo "# Generated by dracut initrd" echo "NAME=\"$slave\"" -- echo "ONBOOT=yes" echo "NETBOOT=yes" echo "BRIDGE=\"$bridgename\"" echo "UUID=\"$(cat /proc/sys/kernel/random/uuid)\"" unset macaddr [ -e /tmp/net.$slave.override ] && . 
/tmp/net.$slave.override interface_bind "$slave" "$macaddr" ) >> /tmp/ifcfg/ifcfg-$slave done fi i=1 for ns in $(getargs nameserver) $dns1 $dns2; do echo "DNS${i}=\"${ns}\"" >> /tmp/ifcfg/ifcfg-$netif i=$((i+1)) done [ -f /tmp/net.route6."$netif" ] && cp /tmp/net.route6."$netif" /tmp/ifcfg/route6-"$netif" [ -f /tmp/net.route."$netif" ] && cp /tmp/net.route."$netif" /tmp/ifcfg/route-"$netif" done # Pass network opts mkdir -m 0755 -p /run/initramfs/state/etc/sysconfig/network-scripts mkdir -m 0755 -p /run/initramfs/state/var/lib/dhclient echo "files /etc/sysconfig/network-scripts" >> /run/initramfs/rwtab echo "files /var/lib/dhclient" >> /run/initramfs/rwtab { cp /tmp/net.* /run/initramfs/ for i in /tmp/net.*.resolv.conf; do [ -f "$i" ] && cat "$i" done | awk '!($0 in a) { a[$0]; print }' > /run/initramfs/state/etc/resolv.conf [ -s /run/initramfs/state/etc/resolv.conf ] || rm -f /run/initramfs/state/etc/resolv.conf copytree /tmp/ifcfg /run/initramfs/state/etc/sysconfig/network-scripts cp /tmp/ifcfg-leases/* /run/initramfs/state/var/lib/dhclient } > /dev/null 2>&1 Found error in /usr/lib/dracut/modules.d/40network/net-lib.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/40network/net-lib.sh } # list the configured interfaces configured_ifaces() { local IFACES="" iface_id="" rv=1 [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces if { pidof udevd || pidof systemd-udevd; } > /dev/null; then for iface_id in $IFACES; do echo $(iface_name $iface_id) rv=0 done -- return $rv } all_ifaces_up() { local iface="" IFACES="" [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces for iface in $IFACES; do [ -e /tmp/net.$iface.up ] || return 1 done } all_ifaces_setup() { local iface="" IFACES="" [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces for iface in $IFACES; do [ -e /tmp/net.$iface.did-setup ] || return 1 done } get_netroot_ip() { local prefix="" server="" rest="" -- local netif="$1" # ip down/flush ensures that routing info goes away as well ip link set 
$netif down ip addr flush dev $netif echo "#empty" > /etc/resolv.conf rm -f -- /tmp/net.$netif.did-setup [ -z "$DO_VLAN" ] && \ [ -e /sys/class/net/$netif/address ] && \ rm -f -- /tmp/net.$(cat /sys/class/net/$netif/address).did-setup # TODO: send "offline" uevent? } setup_net() { local netif="$1" f="" gw_ip="" netroot_ip="" iface="" IFACES="" local _p [ -e /tmp/net.$netif.did-setup ] && return [ -z "$DO_VLAN" ] && \ [ -e /sys/class/net/$netif/address ] && \ [ -e /tmp/net.$(cat /sys/class/net/$netif/address).did-setup ] && return [ -e "/tmp/net.ifaces" ] && read IFACES < /tmp/net.ifaces [ -z "$IFACES" ] && IFACES="$netif" # run the scripts written by ifup [ -e /tmp/net.$netif.hostname ] && . /tmp/net.$netif.hostname [ -e /tmp/net.$netif.override ] && . /tmp/net.$netif.override [ -e /tmp/dhclient.$netif.dhcpopts ] && . /tmp/dhclient.$netif.dhcpopts # set up resolv.conf [ -e /tmp/net.$netif.resolv.conf ] && \ awk '!array[$0]++' /tmp/net.$netif.resolv.conf > /etc/resolv.conf [ -e /tmp/net.$netif.gw ] && . /tmp/net.$netif.gw # add static route for _p in $(getargs rd.route); do route_to_var "$_p" || continue [ -n "$route_dev" ] && [ "$route_dev" != "$netif" ] && continue ip route add "$route_mask" ${route_gw:+via $route_gw} ${route_dev:+dev $route_dev} if strstr "$route_mask" ":"; then printf -- "%s\n" "$route_mask ${route_gw:+via $route_gw} ${route_dev:+dev $route_dev}" \ > /tmp/net.route6."$netif" else printf -- "%s\n" "$route_mask ${route_gw:+via $route_gw} ${route_dev:+dev $route_dev}" \ > /tmp/net.route."$netif" fi done # If a static route was necessary to reach the gateway, the # first gateway setup call will have failed with # RTNETLINK answers: Network is unreachable # Replace the default route again after static routes to cover # this scenario. [ -e /tmp/net.$netif.gw ] && . /tmp/net.$netif.gw # Handle STP Timeout: arping the default gateway. # (or the root server, if a) it's local or b) there's no gateway.) 
# Note: This assumes that if no router is present the # root server is on the same subnet. -- arping -q -f -w 60 -I $netif $dest || info "Resolving $dest via ARP on $netif failed" fi fi unset layer2 > /tmp/net.$netif.did-setup [ -z "$DO_VLAN" ] && \ [ -e /sys/class/net/$netif/address ] && \ > /tmp/net.$(cat /sys/class/net/$netif/address).did-setup } save_netinfo() { local netif="$1" IFACES="" f="" i="" [ -e /tmp/net.ifaces ] && read IFACES < /tmp/net.ifaces # Add $netif to the front of IFACES (if it's not there already). set -- "$netif" for i in $IFACES; do [ "$i" != "$netif" ] && set -- "$@" "$i"; done IFACES="$*" for i in $IFACES; do for f in /tmp/dhclient.$i.*; do [ -f $f ] && cp -f $f /tmp/net.${f#/tmp/dhclient.} done done echo $IFACES > /tmp/.net.ifaces.new mv /tmp/.net.ifaces.new /tmp/net.ifaces } set_ifname() { local name="$1" mac="$2" num=-1 n="" # if it's already set, return the existing name -- [ -e ${iface}/mac ] || continue mac=$(read a < ${iface}/mac; echo $a) [ -z "$mac" ] && continue dev=$(set_ifname ibft $mac) [ -e /tmp/net.${dev}.has_ibft_config ] && continue [ -e ${iface}/flags ] && flags=$(read a < ${iface}/flags; echo $a) # Skip invalid interfaces (( $flags & 1 )) || continue # Skip interfaces not used for booting unless using multipath -- vlan=$(read a < ${iface}/vlan; echo $a) if [ "$vlan" -ne "0" ]; then case "$vlan" in [0-9]*) echo "vlan=$dev.$vlan:$dev" echo $mac > /tmp/net.${dev}.${vlan}.has_ibft_config ;; *) echo "vlan=$vlan:$dev" echo $mac > /tmp/net.${vlan}.has_ibft_config ;; esac else echo $mac > /tmp/net.${dev}.has_ibft_config fi else echo $mac > /tmp/net.${dev}.has_ibft_config fi done ) >> /etc/cmdline.d/40-ibft.conf } Found error in /usr/lib/dracut/modules.d/40network/ifname-genrules.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/40network/ifname-genrules.sh { for p in $(getargs ifname=); do parse_ifname_opts $p if [ -f /tmp/ifname-$ifname_mac ]; then read oldif < /tmp/ifname-$ifname_mac fi if [ -f /tmp/ifname-$ifname_if ]; then 
read oldmac < /tmp/ifname-$ifname_if fi if [ -n "$oldif" -a -n "$oldmac" -a "$oldif" = "$ifname_if" -a "$oldmac" = "$ifname_mac" ]; then # skip same ifname= declaration continue fi [ -n "$oldif" ] && warn "Multiple interface names specified for MAC $ifname_mac: $oldif" [ -n "$oldmac" ] && warn "Multiple MAC specified for $ifname_if: $oldmac" printf 'SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="%s", ATTR{type}=="1", NAME="%s"\n' "$ifname_mac" "$ifname_if" echo $ifname_if > /tmp/ifname-$ifname_mac echo $ifname_mac > /tmp/ifname-$ifname_if done } >> /etc/udev/rules.d/80-ifname.rules Found error in /usr/lib/dracut/modules.d/35network-wicked/wicked-config.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-wicked/wicked-config.sh #!/bin/sh getcmdline > /tmp/cmdline.$$.conf wicked show-config --ifconfig dracut:cmdline:/tmp/cmdline.$$.conf > /tmp/dracut.xml rm -f /tmp/cmdline.$$.conf Found error in /usr/lib/dracut/modules.d/35network-manager/nm-run.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-manager/nm-run.sh for _i in /sys/class/net/ens19 /sys/class/net/lo do state=/run/NetworkManager/devices/$(cat $_i/ifindex) grep -q connection-uuid= $state 2>/dev/null || continue ifname=${_i##*/} sed -n 's/root-path/new_root_path/p;s/next-server/new_next_server/p' <$state >/tmp/dhclient.$ifname.dhcpopts source_hook initqueue/online $ifname /sbin/netroot $ifname done > /tmp/nm.done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-vlan.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-vlan.sh unset phydevice if [ ! 
"$vlan" = "vlan" ]; then parsevlan "$vlan" fi echo "phydevice=\"$phydevice\"" > /tmp/vlan.${phydevice}.phy { echo "vlanname=\"$vlanname\"" echo "phydevice=\"$phydevice\"" } > /tmp/vlan.${vlanname}.${phydevice} done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-team.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-team.sh unset teamslaves unset teamrunner parseteam "$team" || continue echo "teammaster=$teammaster" > /tmp/team.${teammaster}.info echo "teamslaves=\"$teamslaves\"" >> /tmp/team.${teammaster}.info echo "teamrunner=\"$teamrunner\"" >> /tmp/team.${teammaster}.info if ! [ -e /etc/teamd/${teammaster}.conf ]; then warn "Team master $teammaster specified, but no /etc/teamd/$teammaster.conf present. Using $teamrunner." mkdir -p /etc/teamd printf -- "%s" "{\"runner\": {\"name\": \"$teamrunner\"}, \"link_watch\": {\"name\": \"ethtool\"}}" > "/tmp/${teammaster}.conf" fi done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-ip-opts.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-ip-opts.sh IFACES="${IFACES%$BOOTDEV*} ${IFACES#*$BOOTDEV}" IFACES="$BOOTDEV $IFACES" fi # Store BOOTDEV and IFACES for later use [ -n "$BOOTDEV" ] && echo $BOOTDEV > /tmp/net.bootdev [ -n "$IFACES" ] && echo $IFACES > /tmp/net.ifaces Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-bridge.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-bridge.sh # Simple default bridge if [ -z "$bridgename" ]; then bridgename=br0 bridgeslaves=$iface fi echo "bridgename=$bridgename" > /tmp/bridge.${bridgename}.info echo "bridgeslaves=\"$bridgeslaves\"" >> /tmp/bridge.${bridgename}.info done Found error in /usr/lib/dracut/modules.d/35network-legacy/parse-bond.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/parse-bond.sh bondname=bond0 bondslaves="eth0 eth1" fi # Make it suitable for initscripts export bondoptions=$(str_replace "$bondoptions" ";" ",") echo 
"bondname=$bondname" > /tmp/bond.${bondname}.info echo "bondslaves=\"$bondslaves\"" >> /tmp/bond.${bondname}.info echo "bondoptions=\"$bondoptions\"" >> /tmp/bond.${bondname}.info echo "bondmtu=\"$bondmtu\"" >> /tmp/bond.${bondname}.info done Found error in /usr/lib/dracut/modules.d/35network-legacy/ifup.sh: $ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/ifup.sh local _COUNT=0 local _timeout=$(getargs rd.net.timeout.dhcp=) local _DHCPRETRY=$(getargs rd.net.dhcp.retry=) _DHCPRETRY=${_DHCPRETRY:-1} [ -e /tmp/dhclient.$netif.pid ] && return 0 if ! iface_has_carrier $netif; then warn "No carrier detected on interface $netif" return 1 fi -- dhclient "$@" \ ${_timeout:+--timeout $_timeout} \ -q \ -1 \ -cf /etc/dhclient.conf \ -pf /tmp/dhclient.$netif.pid \ -lf /tmp/dhclient.$netif.lease \ $netif \ && return 0 _COUNT=$(($_COUNT+1)) [ $_COUNT -lt $_DHCPRETRY ] && sleep 1 done warn "dhcp for interface $netif failed" # nuke those files since we failed; we might retry dhcp again if it's e.g. # `ip=dhcp,dhcp6` and we check for the PID file at the top rm -f /tmp/dhclient.$netif.{pid,lease} return 1 } load_ipv6() { [ -d /proc/sys/net/ipv6 ] && return -- echo 1 > /proc/sys/net/ipv6/conf/$netif/accept_redirects linkup $netif wait_for_ipv6_auto $netif ret=$? 
[ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname return $ret } # Handle static ip configuration -- fi ip addr flush dev $netif ip addr add $ip/$mask ${srv:+peer $srv} brd + dev $netif fi [ -n "$gw" ] && echo ip route replace default via $gw dev $netif > /tmp/net.$netif.gw [ -n "$hostname" ] && echo "echo $hostname > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname return 0 } get_vid() { -- ;; esac } # check, if we need VLAN's for this interface if [ -z "$DO_VLAN_PHY" ] && [ -e /tmp/vlan.${netif}.phy ]; then unset DO_VLAN NO_AUTO_DHCP=yes DO_VLAN_PHY=yes ifup "$netif" modprobe -b -q 8021q for i in /tmp/vlan.*.${netif}; do [ -e "$i" ] || continue unset vlanname unset phydevice . "$i" if [ -n "$vlanname" ]; then -- done exit 0 fi # Check, if interface is VLAN interface if ! [ -e /tmp/vlan.${netif}.phy ]; then for i in /tmp/vlan.${netif}.*; do [ -e "$i" ] || continue export DO_VLAN=yes break done fi # bridge this interface? if [ -z "$NO_BRIDGE_MASTER" ]; then for i in /tmp/bridge.*.info; do [ -e "$i" ] || continue unset bridgeslaves unset bridgename . "$i" for ethname in $bridgeslaves ; do [ "$netif" != "$ethname" ] && continue NO_BRIDGE_MASTER=yes NO_AUTO_DHCP=yes ifup $ethname linkup $ethname if [ ! -e /tmp/bridge.$bridgename.up ]; then ip link add name $bridgename type bridge echo 0 > /sys/devices/virtual/net/$bridgename/bridge/forward_delay > /tmp/bridge.$bridgename.up fi ip link set dev $ethname master $bridgename ifup $bridgename exit 0 done done fi # enslave this interface to bond? if [ -z "$NO_BOND_MASTER" ]; then for i in /tmp/bond.*.info; do [ -e "$i" ] || continue unset bondslaves unset bondname . 
"$i" for slave in $bondslaves ; do [ "$netif" != "$slave" ] && continue # already setup [ -e /tmp/bond.$bondname.up ] && exit 0 # wait for all slaves to show up for slave in $bondslaves ; do # try to create the slave (maybe vlan or bridge) NO_BOND_MASTER=yes NO_AUTO_DHCP=yes ifup $slave -- done linkup $bondname for slave in $bondslaves ; do cat /sys/class/net/$slave/address > /tmp/net.${bondname}.${slave}.hwaddr ip link set $slave down echo "+$slave" > /sys/class/net/$bondname/bonding/slaves linkup $slave done -- if [ "${key}" = "primary" ]; then echo $value > /sys/class/net/${bondname}/bonding/$key fi done > /tmp/bond.$bondname.up NO_BOND_MASTER=yes ifup $bondname exit $? done done fi if [ -z "$NO_TEAM_MASTER" ]; then for i in /tmp/team.*.info; do [ -e "$i" ] || continue unset teammaster unset teamslaves . "$i" for slave in $teamslaves ; do [ "$netif" != "$slave" ] && continue [ -e /tmp/team.$teammaster.up ] && exit 0 # wait for all slaves to show up for slave in $teamslaves ; do # try to create the slave (maybe vlan or bridge) NO_TEAM_MASTER=yes NO_AUTO_DHCP=yes ifup $slave -- # wait for the last slave to show up exit 0 fi done if [ ! -e /tmp/team.$teammaster.up ] ; then # We shall only bring up those _can_ come up # in case of some slave is gone in active-backup mode working_slaves="" for slave in $teamslaves ; do teamdctl ${teammaster} port present ${slave} 2>/dev/null \ -- teamdctl $teammaster port add $slave done ip link set dev $teammaster up > /tmp/team.$teammaster.up NO_TEAM_MASTER=yes ifup $teammaster exit $? 
fi done done -- # disable manual ifup while netroot is set for simplifying our logic # in netroot case we prefer netroot to bringup $netif automaticlly [ -n "$2" -a "$2" = "-m" ] && [ -z "$netroot" ] && manualup="$2" if [ -n "$manualup" ]; then >/tmp/net.$netif.manualup rm -f /tmp/net.${netif}.did-setup else [ -e /tmp/net.${netif}.did-setup ] && exit 0 [ -z "$DO_VLAN" ] && \ [ -e /sys/class/net/$netif/address ] && \ [ -e /tmp/net.$(cat /sys/class/net/$netif/address).did-setup ] && exit 0 fi # Specific configuration, spin through the kernel command line # looking for ip= lines -- fi # Store config for later use for i in ip srv gw mask hostname macaddr mtu dns1 dns2; do eval '[ "$'$i'" ] && echo '$i'="$'$i'"' done > /tmp/net.$netif.override for autoopt in $(str_replace "$autoconf" "," " "); do case $autoopt in dhcp|on|any) do_dhcp -4 ;; -- ret=$? # setup nameserver for s in "$dns1" "$dns2" $(getargs nameserver); do [ -n "$s" ] || continue echo nameserver $s >> /tmp/net.$netif.resolv.conf done if [ $ret -eq 0 ]; then > /tmp/net.${netif}.up if [ -z "$DO_VLAN" ] && [ -e /sys/class/net/${netif}/address ]; then > /tmp/net.$(cat /sys/class/net/${netif}/address).up fi # and finally, finish interface set up if there isn't already a script # to do so (which is the case in the dhcp path) if [ ! -e $hookdir/initqueue/setup_net_$netif.sh ]; then -- exit $ret fi done # no ip option directed at our interface? if [ -z "$NO_AUTO_DHCP" ] && [ ! -e /tmp/net.${netif}.up ]; then ret=1 if [ -e /tmp/net.bootdev ]; then BOOTDEV=$(cat /tmp/net.bootdev) if [ "$netif" = "$BOOTDEV" ] || [ "$BOOTDEV" = "$(cat /sys/class/net/${netif}/address)" ]; then do_dhcp ret=$? 
fi else -- fi fi for s in $(getargs nameserver); do [ -n "$s" ] || continue echo nameserver $s >> /tmp/net.$netif.resolv.conf done if [ "$ret" -eq 0 ] && [ -n "$(ls /tmp/leaseinfo.${netif}*)" ]; then > /tmp/net.${netif}.did-setup if [ -e /sys/class/net/${netif}/address ]; then > /tmp/net.$(cat /sys/class/net/${netif}/address).did-setup fi fi fi exit 0
Found error in /usr/lib/dracut/modules.d/35network-legacy/dhclient-script.sh: (Note on scope: the files under /usr/lib/dracut/modules.d/ are dracut module scripts, which normally run inside the initramfs, so the /tmp they write to at boot is the initramfs's own /tmp, and the symlink scenario this test describes applies only where an unprivileged user can write to that directory. In the excerpt below the more relevant review point is that /tmp/net.$netif.override is sourced with `.` and that values which appear to come from the DHCP reply ($gw, $search, $domain) are written unquoted into /tmp/net.$netif.* files, so those values should be validated before they are written.)
$ grep -A5 -B5 /tmp/ /usr/lib/dracut/modules.d/35network-legacy/dhclient-script.sh [ -n "$new_dhcp_lease_time" ] && lease_time=$new_dhcp_lease_time [ -n "$new_max_life" ] && lease_time=$new_max_life preferred_lft=$lease_time [ -n "$new_preferred_life" ] && preferred_lft=$new_preferred_life [ -f /tmp/net.$netif.override ] && . /tmp/net.$netif.override # Taken from debian dhclient-script: # The 576 MTU is only used for X.25 and dialup connections # where the admin wants low latency. Such a low MTU can cause # problems with UDP traffic, among other things. As such, -- ${preferred_lft:+preferred_lft ${preferred_lft}} if [ -n "$gw" ] ; then if [ "$mask" = "255.255.255.255" ] ; then # point-to-point connection => set explicit route to gateway echo ip route add $gw dev $netif > /tmp/net.$netif.gw fi echo "$gw" | { IFS=' ' read -r main_gw other_gw echo ip route replace default via $main_gw dev $netif >> /tmp/net.$netif.gw if [ -n "$other_gw" ] ; then for g in $other_gw; do echo ip route add default via $g dev $netif >> /tmp/net.$netif.gw done fi } fi if getargbool 1 rd.peerdns; then [ -n "${search}${domain}" ] && echo "search $search $domain" > /tmp/net.$netif.resolv.conf if [ -n "$namesrv" ] ; then for s in $namesrv; do echo nameserver $s done fi >> /tmp/net.$netif.resolv.conf fi # Note: hostname can be fqdn OR short hostname, so chop off any # trailing domain name and explicity add any domain if set.
[ -n "$hostname" ] && echo "echo ${hostname%.$domain}${domain:+.$domain} > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname } setup_interface6() { domain=$new_domain_name search=$(printf -- "$new_dhcp6_domain_search") -- [ -n "$new_dhcp_lease_time" ] && lease_time=$new_dhcp_lease_time [ -n "$new_max_life" ] && lease_time=$new_max_life preferred_lft=$lease_time [ -n "$new_preferred_life" ] && preferred_lft=$new_preferred_life [ -f /tmp/net.$netif.override ] && . /tmp/net.$netif.override ip -6 addr add ${new_ip6_address}/${new_ip6_prefixlen} \ dev ${netif} scope global \ ${lease_time:+valid_lft $lease_time} \ ${preferred_lft:+preferred_lft ${preferred_lft}} if getargbool 1 rd.peerdns; then [ -n "${search}${domain}" ] && echo "search $search $domain" > /tmp/net.$netif.resolv.conf if [ -n "$namesrv" ] ; then for s in $namesrv; do echo nameserver $s done fi >> /tmp/net.$netif.resolv.conf fi # Note: hostname can be fqdn OR short hostname, so chop off any # trailing domain name and explicity add any domain if set. [ -n "$hostname" ] && echo "echo ${hostname%.$domain}${domain:+.$domain} > /proc/sys/kernel/hostname" > /tmp/net.$netif.hostname } parse_option_121() { while [ $# -ne 0 ]; do mask="$1" -- unset layer2 setup_interface set | while read line || [ -n "$line" ]; do [ "${line#new_}" = "$line" ] && continue echo "$line" done >/tmp/dhclient.$netif.dhcpopts { echo '. 
/lib/net-lib.sh' echo "setup_net $netif" if [ -n "$new_classless_static_routes" ]; then -- IFS=".$IFS" parse_option_121 $new_classless_static_routes IFS="$OLDIFS" fi echo "source_hook initqueue/online $netif" [ -e /tmp/net.$netif.manualup ] || echo "/sbin/netroot $netif" echo "rm -f -- $hookdir/initqueue/setup_net_$netif.sh" } > $hookdir/initqueue/setup_net_$netif.sh echo "[ -f /tmp/net.$netif.did-setup ]" > $hookdir/initqueue/finished/dhclient-$netif.sh >/tmp/net.$netif.up if [ -e /sys/class/net/${netif}/address ]; then > /tmp/net.$(cat /sys/class/net/${netif}/address).up fi ;; RENEW|REBIND) -- setup_interface6 set | while read line || [ -n "$line" ]; do [ "${line#new_}" = "$line" ] && continue echo "$line" done >/tmp/dhclient.$netif.dhcpopts { echo '. /lib/net-lib.sh' echo "setup_net $netif" echo "source_hook initqueue/online $netif" [ -e /tmp/net.$netif.manualup ] || echo "/sbin/netroot $netif" echo "rm -f -- $hookdir/initqueue/setup_net_$netif.sh" } > $hookdir/initqueue/setup_net_$netif.sh echo "[ -f /tmp/net.$netif.did-setup ]" > $hookdir/initqueue/finished/dhclient-$netif.sh >/tmp/net.$netif.up if [ -e /sys/class/net/${netif}/address ]; then > /tmp/net.$(cat /sys/class/net/${netif}/address).up fi ;; RENEW6|REBIND6) unset lease_time;