initramfs/debian: use panic() instead of directly calling /bin/sh

Debian has a panic() function which makes it possible to disable shell
access in initramfs by setting the panic kernel parameter. Use it.

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Reviewed-by: Kash Pande <kash@tripleback.net>
Signed-off-by: Michael Niewöhner <foss@mniewoehner.de>
Closes #8448

diff --git a/contrib/initramfs/scripts/zfs.in b/contrib/initramfs/scripts/zfs.in
index 602d4c306686ede5893034f2710632087ef2e863..36b7f436c1f1cef8578f81b349ce29b0dcf2fffe 100644 (file)
--- a/contrib/initramfs/scripts/zfs.in
+++ b/contrib/initramfs/scripts/zfs.in
@@ -16,6 +16,20 @@ ZPOOL="@sbindir@/zpool"
 ZPOOL_CACHE="@sysconfdir@/zfs/zpool.cache"
 export ZFS ZPOOL ZPOOL_CACHE
 
+
+# Start interactive shell.
+# Use debian's panic() if defined, because it allows to prevent shell access
+# by setting panic in cmdline (e.g. panic=0 or panic=15).
+# See "4.5 Disable root prompt on the initramfs" of Securing Debian Manual:
+# https://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html
+shell() {
+       if type panic > /dev/null 2>&1; then
+               panic $@
+       else
+               /bin/sh
+       fi
+}
+
 # This runs any scripts that should run before we start importing
 # pools and mounting any filesystems.
 pre_mountroot()
@@ -256,7 +270,7 @@ import_pool()
                        echo ""
                        echo "Failed to import pool '$pool'."
                        echo "Manually import the pool and exit."
-                       /bin/sh
+                       shell
                fi
        fi
 
@@ -379,7 +393,7 @@ mount_fs()
                echo ""
                echo "Failed to mount ${fs} on ${rootmnt}/${mountpoint}."
                echo "Manually mount the filesystem and exit."
-               /bin/sh
+               shell
        else
                [ "$quiet" != "y" ] && zfs_log_end_msg
        fi
@@ -451,7 +465,7 @@ destroy_fs()
                echo "Failed to destroy '$fs'. Please make sure that '$fs' is not available."
                echo "Hint: Try:  zfs destroy -Rfn $fs"
                echo "If this dryrun looks good, then remove the 'n' from '-Rfn' and try again."
-               /bin/sh
+               shell
        else
                [ "$quiet" != "y" ] && zfs_log_end_msg
        fi
@@ -494,7 +508,7 @@ clone_snap()
                echo "Failed to clone snapshot."
                echo "Make sure that the any problems are corrected and then make sure"
                echo "that the dataset '$destfs' exists and is bootable."
-               /bin/sh
+               shell
        else
                [ "$quiet" != "y" ] && zfs_log_end_msg
        fi
@@ -523,7 +537,7 @@ rollback_snap()
                echo "Error: $ZFS_ERROR"
                echo ""
                echo "Failed to rollback snapshot."
-               /bin/sh
+               shell
        else
                [ "$quiet" != "y" ] && zfs_log_end_msg
        fi
@@ -684,7 +698,7 @@ mountroot()
                echo ""
                echo "Failed to load ZFS modules."
                echo "Manually load the modules and exit."
-               /bin/sh
+               shell
        fi
 
        # ------------
@@ -857,7 +871,7 @@ mountroot()
                echo "No pool imported. Manually import the root pool"
                echo "at the command prompt and then exit."
                echo "Hint: Try:  zpool import -R ${rootmnt} -N ${ZFS_RPOOL}"
-               /bin/sh
+               shell
        fi
 
        # In case the pool was specified as guid, resolve guid to name
@@ -908,7 +922,7 @@ mountroot()
                echo ""
                echo "Manually mount the root filesystem on $rootmnt and then exit."
                echo "Hint: Try:  mount -o zfsutil -t zfs ${ZFS_RPOOL-rpool}/ROOT/system $rootmnt"
-               /bin/sh
+               shell
        fi
 
        # ----------------------------------------------------------------