mirror of
https://github.com/cirosantilli/linux-kernel-module-cheat.git
synced 2026-01-22 17:55:57 +01:00
I understand the shell environment 100%
56
README.adoc
@@ -2433,22 +2433,66 @@ Wait, where do `HOME` and `TERM` come from? (greps the kernel). Ah, OK, the kern
|
||||
const char *envp_init[MAX_INIT_ENVS+2] = { "HOME=/", "TERM=linux", NULL, };
|
||||
....
|
||||
|
||||
Furthermore, if you run something inside a shell:
|
||||
==== shell init environment
|
||||
|
||||
On top of the Linux kernel, the BusyBox `/bin/sh` shell will also define other variables.
|
||||
|
||||
We can explore the shenanigans that the shell adds on top of the Linux kernel with:
|
||||
|
||||
....
|
||||
./run --eval '/usr/bin/env'
|
||||
./run --kernel-cli 'init=/bin/sh'
|
||||
....
|
||||
|
||||
BusyBox also defines `SHLVL` and `PWD=`:
|
||||
From there we observe that:
|
||||
|
||||
....
|
||||
env
|
||||
....
|
||||
|
||||
gives:
|
||||
|
||||
....
|
||||
SHLVL=1
|
||||
HOME=/
|
||||
TERM=linux
|
||||
lkmc_eval=L3Vzci9iaW4vZW52
|
||||
PWD=/
|
||||
....
|
||||
|
||||
therefore adding `SHLVL` and `PWD` to the default kernel exported variables.
|
||||
|
||||
Furthermore, to increase confusion, if you list all non-exported shell variables https://askubuntu.com/questions/275965/how-to-list-all-variables-names-and-their-current-values with:
|
||||
|
||||
....
|
||||
set
|
||||
....
|
||||
|
||||
then it shows more variables, notably:
|
||||
|
||||
....
|
||||
PATH='/sbin:/usr/sbin:/bin:/usr/bin'
|
||||
....
|
||||
|
||||
Finally, login shells will source some default files, notably:
|
||||
|
||||
....
|
||||
/etc/profile
|
||||
/root/.profile
|
||||
....
|
||||
|
||||
We currently control `/root/.profile` at link:rootfs_overlay/root/.profile[], and use the default BusyBox `/etc/profile`.
|
||||
|
||||
The shell knows that it is a login shell if the first character of `argv[0]` is `-`, see also: https://stackoverflow.com/questions/2050961/is-argv0-name-of-executable-an-accepted-standard-or-just-a-common-conventi/42291142#42291142
|
||||
|
||||
When we use just `init=/bin/sh`, the Linux kernel sets `argv[0]` to `/bin/sh`, which does not start with `-`.
|
||||
|
||||
However, if you use `::respawn:-/bin/sh` on inttab described at <<tty>>, BusyBox' init sets `argv[0]` to `-`, and so does `getty`. This can be observed with:
|
||||
|
||||
....
|
||||
cat /proc/$$/cmdline
|
||||
....
|
||||
|
||||
where `$$` is the PID of the shell itself: https://stackoverflow.com/questions/21063765/get-pid-in-shell-bash
|
||||
|
||||
=== Networking
|
||||
|
||||
We disable networking by default because it starts an userland process, and we want to keep the number of userland processes to a minimum to make the system more understandable.
|
||||
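Review bot: In the paragraph about `::respawn:-/bin/sh`, "BusyBox' init sets `argv[0]` to `-`" reads as if `argv[0]` were the single character `-`, while the login-shell rule stated two paragraphs above only requires the first character of `argv[0]` to be `-`. Suggest rewording to "sets `argv[0]` to a string that starts with `-`" and pasting the actual output under the `cat /proc/$$/cmdline` listing so the reader sees the value. The same sentence has "inttab" for "inittab". Separately, the sample `env` output contains `lkmc_eval=L3Vzci9iaW4vZW52`, which the conclusion "therefore adding `SHLVL` and `PWD`" does not account for; a short remark on where that variable comes from would close the gap.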
@@ -5867,6 +5911,10 @@ Each `enable` under the `events/` tree enables a certain set of functions, the h
|
||||
|
||||
TODO: can you get function arguments? https://stackoverflow.com/questions/27608752/does-ftrace-allow-capture-of-system-call-arguments-to-the-linux-kernel-or-only
|
||||
|
||||
===== ftrace system calls
|
||||
|
||||
https://stackoverflow.com/questions/29840213/how-do-i-trace-a-system-call-in-linux/51856306#51856306
|
||||
|
||||
===== trace-cmd
|
||||
|
||||
TODO example:
|
||||
|
||||
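Review bot: The new `===== ftrace system calls` heading has only a bare Stack Overflow URL as its body, so the README itself says nothing about how the tracing is done and the section becomes empty if the link goes away. Add one sentence summarising the approach, or mark it explicitly as a `TODO` the way the `trace-cmd` section just below does.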
@@ -5,7 +5,6 @@
|
||||
::sysinit:/bin/hostname -F /etc/hostname
|
||||
::sysinit:/etc/init.d/rcS
|
||||
::respawn:-/bin/sh
|
||||
ttyS1::respawn:-/bin/sh
|
||||
::ctrlaltdel:/sbin/reboot
|
||||
::shutdown:/etc/init.d/rcK
|
||||
::shutdown:/sbin/swapoff -a
|
||||
|
||||
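Review bot: The header `@@ -5,7 +5,6 @@` shows one inittab entry being dropped, but the commit message only talks about the shell environment and nothing in the README hunks says which entry goes or why. State the removed entry and the reason in the commit message. If it is one of the two `respawn:-/bin/sh` lines, also check that the README paragraph in the first hunk, which cites `::respawn:-/bin/sh` and points to `<<tty>>`, still matches what the file contains after this change.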