Open adrelanos opened 9 months ago
iam stuck with it at the moment see https://github.com/dracutdevs/dracut/issues/2659 i cant boot my system with dracut , mkinitcpio do it well
There is some risk in blindly autodetecting the root drive in the event it is not specified or cannot be found, since it's possible that an attached device could be malicious and use a filesystem bug to compromise the machine's kernel. This is probably a very rare kind of attack to have to defend against, but for security-centric distros it could be a dealbreaker. This is part of why GRUB no longer runs os-prober
by default (it has to mount things to scan them). This is a risk even if automatic boot is not done.
What might be very useful is to make an autodetect script that the user can voluntarily run from the rescue shell. The shell could then advertise this script to the user with a message such as Run 'find-root' to attempt to automatically find the root device and continue bootup.
The script could potentially be set to automatically run if configured by the user.
It might not be possible to auto-detect the root device in very complex cases (custom dual boot setups, network boot) but how about auto detection for the most common cases such as common environments set up by the Fedora or Debian installers?
Maybe dracut developers think root device auto detection bad idea? Maybe it's considered insecure as it risks booting the wrong device? If so, they probably have a valid point. Then how about auto detection of potential root devices but prompt the user before booting from an auto detected root device? Or otherwise provide more guidance than a dracut rescue shell?
That seems better to me than dropping to a dracut rescue shell. A situation most users will be stuck with.