Perimeter of the Kernal

lgrant · Tuesday at 1:32 AM

I am trying to get a handle on the perimeter of the kernel. I understand that everything that needs to run privileged is in the kernel.

But suppose someone hands me a shiny new FreeBSD kernel. What is the minimum amount of userland that I need to add in order to use it?. All I want to be able to do is login and run a program that has been magically put somewhere in the filesystem. I don't want to edit, or compile, or anything like that. Just boot up, login, and run one program.

Note: this is a thought exercise to help me understand things. I am not actually trying to do this.

Thanks.

cracauer@ · Tuesday at 1:43 AM

Only /bin/sh

ralphbsz · Tuesday at 6:44 AM

Isn't single user mode pretty much that?

SirDice · Tuesday at 8:50 AM

Login would also require getty(8), init(8) and login(1). But yeah, if you stick to single user mode I don't think you'd need anything more than a shell (or the hypothetical program).

covacat · Tuesday at 9:35 AM

login and getty have no static build by default and that adds /lib /usr/lib, ld.so
but probably your program will need that too

eseipi · Tuesday at 1:20 PM

I'm using a rescue(8)-only filesystem to experiment with the kernel in bhyve, which works by simply passing init_exec="/bin/sh" to the loader. I couldn't get the shell working without some form of init, but if there wasn't already one in rescue, a minimal script like this one would work too:

sh:

#!/bin/sh
exec /bin/sh <> /dev/console >&0 2>&1

Jose · Tuesday at 2:57 PM

covacat said:
login and getty have no static build by default and that adds /lib /usr/lib, ld.so
but probably your program will need that too

Looks like you can get away with just 5 libs:

Code:

$ ldd /usr/libexec/getty 
/usr/libexec/getty:
    libutil.so.9 => /lib/libutil.so.9 (0x16ee52e3c000)
    libc.so.7 => /lib/libc.so.7 (0x16ee53137000)
    [vdso] (0x7fffffffe650)
$ ldd /usr/bin/login
/usr/bin/login:
    libutil.so.9 => /lib/libutil.so.9 (0x2ac8419b2000)
    libpam.so.6 => /usr/lib/libpam.so.6 (0x2ac840a8f000)
    libbsm.so.3 => /usr/lib/libbsm.so.3 (0x2ac8424ec000)
    libc.so.7 => /lib/libc.so.7 (0x2ac8440bf000)
    [vdso] (0x7fffffffe650)

Here's a minimal Linux init. I wonder if it would work on Freebsd?

bakul · Tuesday at 3:22 PM

lgrant said:
this is a thought exercise to help me understand things.

How is this a thought experiment if you are asking others?

You have to do the experiment yourself!

But you can do a real experiment. As root, "mkdir foo; chroot foo /bin/sh" and fix errors until you have a working shell. Continue this way until you get it to do what you want. Another option is to attach kgdb (via serial link) to the kernel and set a breakpoint on execve syscall so that you can see the sequence of programs that get execed. This is more complicated to set up but will give a real idea of how the system boots up.

covacat · Tuesday at 3:45 PM

Jose said:
Here's a minimal Linux init. I wonder if it would work on Freebsd?

it works
but you have no console output or login (ssh works though)

i built it statically and chmoded rc +x

Perimeter of the Kernal

Administrator