Merge patch series "fs: add immutable rootfs"

---------------

Rootfs is a special instance of ramfs (or tmpfs, if that's enabled), which is

always present in 2.6 systems.  You can't unmount rootfs for approximately the

same reason you can't kill the init process; rather than having special code

to check for and handle an empty list, it's smaller and simpler for the kernel

to just make sure certain lists can't become empty.

always present in 2.6 systems.  Traditionally, you can't unmount rootfs for

approximately the same reason you can't kill the init process; rather than

having special code to check for and handle an empty list, it's smaller and

simpler for the kernel to just make sure certain lists can't become empty.

However, if the kernel is booted with "nullfs_rootfs", an immutable empty

filesystem called nullfs is used as the true root, with the mutable rootfs

(tmpfs/ramfs) mounted on top of it.  This allows pivot_root() and unmounting

of the initramfs to work normally.

Most systems just mount another filesystem over rootfs and ignore it.  The

amount of space an empty instance of ramfs takes up is tiny.

    program.  See the switch_root utility, below.)

  - When switching another root device, initrd would pivot_root and then

    umount the ramdisk.  But initramfs is rootfs: you can neither pivot_root

    rootfs, nor unmount it.  Instead delete everything out of rootfs to

    free up the space (find -xdev / -exec rm '{}' ';'), overmount rootfs

    with the new root (cd /newmount; mount --move . /; chroot .), attach

    stdin/stdout/stderr to the new /dev/console, and exec the new init.

    umount the ramdisk.  Traditionally, initramfs is rootfs: you can neither

    pivot_root rootfs, nor unmount it.  Instead delete everything out of

    rootfs to free up the space (find -xdev / -exec rm '{}' ';'), overmount

    rootfs with the new root (cd /newmount; mount --move . /; chroot .),

    attach stdin/stdout/stderr to the new /dev/console, and exec the new init.

    Since this is a remarkably persnickety process (and involves deleting

    commands before you can run them), the klibc package introduced a helper

    program (utils/run_init.c) to do all this for you.  Most other packages

    (such as busybox) have named this command "switch_root".

    However, if the kernel is booted with "nullfs_rootfs", pivot_root() works

    normally from the initramfs.  Userspace can simply do::

      chdir(new_root);

      pivot_root(".", ".");

      umount2(".", MNT_DETACH);

    This is the preferred method when nullfs_rootfs is enabled.

Populating initramfs:

---------------------

		stack.o fs_struct.o statfs.o fs_pin.o nsfs.o \

		fs_dirent.o fs_context.o fs_parser.o fsopen.o init.o \

		kernel_read_file.o mnt_idmapping.o remap_range.o pidfs.o \

		file_attr.o

		file_attr.o nullfs.o

obj-$(CONFIG_BUFFER_HEAD)	+= buffer.o mpage.o

obj-$(CONFIG_PROC_FS)		+= proc_namespace.o

#include <linux/security.h>

#include "internal.h"

int __init init_pivot_root(const char *new_root, const char *put_old)

{

	struct path new_path __free(path_put) = {};

	struct path old_path __free(path_put) = {};

	int ret;

	ret = kern_path(new_root, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &new_path);

	if (ret)

		return ret;

	ret = kern_path(put_old, LOOKUP_FOLLOW | LOOKUP_DIRECTORY, &old_path);

	if (ret)

		return ret;

	return path_pivot_root(&new_path, &old_path);

}

int __init init_mount(const char *dev_name, const char *dir_name,

		const char *type_page, unsigned long flags, void *data_page)

{

int path_mount(const char *dev_name, const struct path *path,

		const char *type_page, unsigned long flags, void *data_page);

int path_umount(const struct path *path, int flags);

int path_pivot_root(struct path *new, struct path *old);

int show_path(struct seq_file *m, struct dentry *root);

#include <linux/ns_common.h>

#include <linux/fs_pin.h>

extern struct file_system_type nullfs_fs_type;

extern struct list_head notify_list;

struct mnt_namespace {