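initrd (Initial RAM Disk) boot process
Inside an initrd, systemd can also be used as the init program (specified by the "rdinit=" kernel boot option).
1. Inside the initrd, units start in the following order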
local-fs-pre.target
local-fs.target
sysinit.target
basic.target
default.target
initrd.target
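This article only tests systemd as the init program; the switch to the root file system that follows initrd.target is out of scope.
2. Key steps for building an initramfs that uses systemd as the init program
- The custom initrd services must run between basic.target and initrd.target
- /etc/initrd-release exists in the root directory and serves as the check for whether the system is running inside the initramfs
- default.target points to initrd.target
3. Write initrd.target based on the default one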
[Unit]
Description=Initrd Default test Target
Documentation=man:systemd.special(7)
OnFailure=emergency.target
OnFailureJobMode=replace-irreversibly
AssertPathExists=/etc/initrd-release
Requires=basic.target
#Wants=initrd-root-fs.target initrd-fs.target initrd-parse-etc.service
Wants=initrd-fs.target initrd.service
#After=initrd-root-fs.target initrd-fs.target basic.target
After=initrd-fs.target basic.target initrd.service
AllowIsolate=yes
4. Before initrd.target starts, the custom initrd services are started first, such as the custom initrd.service below
initrd.service is written based on emergency.service
[Unit]
Description=LFS Shell
#Documentation=man:sulogin(8)
DefaultDependencies=no
Conflicts=shutdown.target
Before=shutdown.target
[Service]
Environment=HOME=/root
WorkingDirectory=-/root
ExecStart=-/bin/bash
Type=idle
StandardInput=tty-force
StandardOutput=inherit
StandardError=inherit
KillMode=process
IgnoreSIGPIPE=no
SendSIGHUP=yes
By default, when starting, your system is going to launch the systemd-sulogin-shell in rescue mode, which is safe from unauthorized access.
However, you have to make sure that this file was not altered and that the system is not instructed to launch a simple shell (like /bin/sh for example).
This would result in an unsafe single-user mode, which is a major security hole if anyone has physical access to the machine.
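As an added example (not part of the original post), the following script audits an unpacked initramfs tree for the key initramfs steps listed earlier and for the warning above: it reports any service whose ExecStart launches a bare shell instead of going through sulogin. The function names, the list of unit directories searched and the sample tree (including the systemd-sulogin-shell path) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an unpacked initramfs tree against the layout above.
# Assumption: units live in the standard systemd directories in UNIT_DIRS.
UNIT_DIRS="etc/systemd/system usr/lib/systemd/system lib/systemd/system"

# Usage: audit_initrd_tree /path/to/unpacked/initramfs
# Prints one line per finding; the return status is the number of findings.
audit_initrd_tree() {
    root=$1 findings=0 default_ok=0
    # Marker file the page names as the "running inside initramfs" check.
    if [ ! -e "$root/etc/initrd-release" ]; then
        echo "MISSING: /etc/initrd-release"; findings=$((findings + 1))
    fi
    for dir in $UNIT_DIRS; do
        # Skip merged-/usr symlinks so the same unit is not counted twice.
        [ -d "$root/$dir" ] && [ ! -L "$root/$dir" ] || continue
        link="$root/$dir/default.target"
        if [ -L "$link" ] && [ "$(basename "$(readlink "$link")")" = initrd.target ]; then
            default_ok=1
        fi
        for unit in "$root/$dir"/*.service; do
            [ -f "$unit" ] || continue
            # First word of each ExecStart=, minus systemd prefixes (-, @, :, +, !).
            for cmd in $(sed -n 's/^ExecStart=[-@:+!]*\([^ ]*\).*/\1/p' "$unit"); do
                case $cmd in
                    */sh|*/bash|*/dash|*/ash)
                        echo "BARE-SHELL: $dir/${unit##*/} starts $cmd with no login check"
                        findings=$((findings + 1)) ;;
                esac
            done
        done
    done
    if [ "$default_ok" -ne 1 ]; then
        echo "MISCONFIGURED: default.target does not point to initrd.target"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample tree: the page's initrd.service next to a sulogin-based unit.
make_sample_tree() {
    t=$(mktemp -d) && mkdir -p "$t/etc/systemd/system" && : > "$t/etc/initrd-release"
    ln -s initrd.target "$t/etc/systemd/system/default.target"
    printf '[Service]\nExecStart=-/bin/bash\n' > "$t/etc/systemd/system/initrd.service"
    printf '[Service]\nExecStart=-/usr/lib/systemd/systemd-sulogin-shell rescue\n' \
        > "$t/etc/systemd/system/rescue.service"
    echo "$t"
}
```

Running `audit_initrd_tree "$(make_sample_tree)"` reports a single BARE-SHELL finding for initrd.service and leaves the sulogin-based unit unflagged.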
Test image:
Link: https://pan.baidu.com/s/1A4C6aBQUNlHiB8pcI5vPJQ
Extraction code: xos4
References:
https://blog.csdn.net/greatyoulv/article/details/120478728
http://www.jinbuguo.com/systemd/bootup.html
https://devconnected.com/single-user-mode-secure-boot-on-ubuntu-debian/