Create random character devices so systemd does not crash
Systemd, depending on the version and the configuration,
can attempt to open urandom when a ramdisk boots, before
the udevd is launched to handle the devices. In particular
in FIPS mode, this can result in the ramdisk crashing.
In order to handle this, we pre-create the chracter device
files which can be statically used in the early start sequence
to allow the agent to boot and deploy.
Change-Id: I587e66a0d6b652c4aeca6fc211602d999d4641e8
(cherry picked from commit 94171f104c
)
This commit is contained in:
parent
9eb4e8c0d2
commit
7bf70725a6
@ -24,6 +24,20 @@ echo "#disabled" > ./tmp/fstab.new
|
||||
sudo mv ./tmp/fstab.new ./etc/fstab
|
||||
sudo ln -s ./sbin/init ./
|
||||
|
||||
# NOTE(TheJulia): Make a random and urandom entry to handle
|
||||
# long standing systemd bug cases where it may, depending on
|
||||
# underlying OS config/version, try to open the random number
|
||||
# generator before initializing.
|
||||
# This class of issue has appeared frquently with systemd,
|
||||
# https://github.com/systemd/systemd/issues/4167 is a commonly
|
||||
# referenced example of this behavior.
|
||||
if ! [ -a ./dev/random ]; then
|
||||
sudo mknod ./dev/random c 1 8
|
||||
fi
|
||||
if ! [ -a ./dev/urandom ]; then
|
||||
sudo mknod ./dev/urandom c 1 9
|
||||
fi
|
||||
|
||||
# Note(JayF): to anyone trying to make this more configurable in the future,
|
||||
# there are significant hurdles around shell quoting if you try to put these
|
||||
# find commands into variables for making them more configurable.
|
||||
|
@ -0,0 +1,9 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixes issues with ramdisks potentially crashing when starting due to
|
||||
systemd attempting to access a random number generator before udevd has
|
||||
been launched. Depending on the mode of operation and underlying
|
||||
and configuration, i.e. in FIPS mode, the system could have crashed as
|
||||
a result. We will now always create the character devices devices, which
|
||||
can be used early in the boot sequence.
|
Loading…
Reference in New Issue
Block a user