upstart

Merge lp:~csurbhi/upstart/upstart-add-pivot-handling into lp:upstart

upstart-add-pivot-handling
Merge into trunk

Proposed by Surbhi Palande on 2011-06-15

Status:	Work in progress
Proposed branch:	lp:~csurbhi/upstart/upstart-add-pivot-handling
Merge into:	lp:upstart
Diff against target:	1254 lines (+972/-15) 12 files modified dbus/com.ubuntu.Upstart.xml (+7/-1) init/Makefile.am (+12/-11) init/conf.c (+35/-0) init/conf.h (+1/-0) init/control.c (+35/-0) init/control.h (+3/-0) init/events.h (+8/-1) init/paths.h (+8/-0) init/pivot.c (+616/-0) init/pivot.h (+66/-0) init/tests/test_control.c (+106/-1) util/initctl.c (+75/-1)
To merge this branch:	bzr merge lp:~csurbhi/upstart/upstart-add-pivot-handling
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Scott James Remnant		2011-06-15	Pending
Review via email: mp+64723@code.launchpad.net

Description of the change

The pivot command is used for changing the root filesystem in the initramfs from the memory based "/" to the disk based real root filesystem. This command can be issued as follows:

initctl pivot <ROOTFS> <INIT>

where ROOTFS is the root filesystem that we want to move to while in the initramfs. INIT is the first program that we wish to execute once this move to the real root filesystem is made.

This command is intended to be used when upstart is executed in initramfs for making the initramfs event driven.

It is assumed that a user can specify a different ROOTFS, INIT or arguments to this new INIT at the grub command prompt. The console used for logging the messages is /dev/console and is a not a boot argument which can be changed.

This command has no effect when it is executed from a non memory based root filesystem.

This change shall enable upstart to be used as init in the initramfs for making the initramfs event driven. Please do let me know your thoughts on this change.

Thanks!

lp:~csurbhi/upstart/upstart-add-pivot-handling updated on 2011-07-15

1316. By Surbhi Palande on 2011-06-27

Initial support to handle a new initctl command: pivot.
Usage: initctl pivot <ROOTFS> <INIT>" "<args>"

This command can be used to change the root filesystem from a initramfs
based rootfs to the new requested <ROOTFS>. On successfully changing the root
filesystem the new <INIT> shall be executed. On failure in handling this
command a pivot-failed event is emitted. This command works as intended
only when fired from initramfs. When fired from any other filesystem, this
command has no effect other than the emission of the "pivot-failed" event.

1317. By Surbhi Palande on 2011-07-15

Some cleanup related fixes. Expecting one or two more!

1318. By Surbhi Palande on 2011-07-15

One more typo fix

Unmerged revisions

1318. By Surbhi Palande on 2011-07-15

One more typo fix

1317. By Surbhi Palande on 2011-07-15

Some cleanup related fixes. Expecting one or two more!

1316. By Surbhi Palande on 2011-06-27

Initial support to handle a new initctl command: pivot.
Usage: initctl pivot <ROOTFS> <INIT>" "<args>"

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Surbhi Palande

Tuomo Tanskanen

Upstart Developers

Upstart Reviewers

 === modified file 'dbus/com.ubuntu.Upstart.xml'
 --- dbus/com.ubuntu.Upstart.xml	2010-12-10 07:18:34 +0000
 +++ dbus/com.ubuntu.Upstart.xml	2011-07-15 17:51:29 +0000
@@ -3,7 +3,7 @@
       com.ubuntu.Upstart.xml - interface definition for manager object
--     Copyright © 2009 Canonical Ltd.
++     Copyright © 2009-2011 Canonical Ltd.
       Author: Scott James Remnant <scott@netsplit.com>.
       This file is free software; Canonical Ltd gives unlimited permission
@@ -57,6 +57,12 @@
        <arg name="file" type="h" direction="in" />
      </method>
++    <!-- Pivot to new rootfs and execute new init -->
++    <method name="PivotToNewRootfs">
++      <arg name="rootfs" type="s" direction="in" />
++      <arg name="init" type="s" direction="in" />
++    </method>
++
      <!-- Basic information about Upstart -->
      <property name="version" type="s" access="read" />
      <property name="log_priority" type="s" access="readwrite" />
 === modified file 'init/Makefile.am'
 --- init/Makefile.am	2011-05-15 12:53:17 +0000
 +++ init/Makefile.am	2011-07-15 17:51:29 +0000
@@ -51,6 +51,7 @@
  	parse_conf.c parse_conf.h \
  	conf.c conf.h \
  	control.c control.h \
++	pivot.c pivot.h \
  	errors.h
  nodist_init_SOURCES = \
  	$(com_ubuntu_Upstart_OUTPUTS) \
@@ -159,7 +160,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -171,7 +172,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -183,7 +184,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -195,7 +196,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -207,7 +208,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -219,7 +220,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -231,7 +232,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -243,7 +244,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -255,7 +256,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -267,7 +268,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
@@ -279,7 +280,7 @@
  	system.o environ.o process.o \
  	job_class.o job_process.o job.o event.o event_operator.o blocked.o \
  	parse_job.o parse_conf.o conf.o control.o \
--	session.o \
++	session.o pivot.o \
  	com.ubuntu.Upstart.o \
  	com.ubuntu.Upstart.Job.o com.ubuntu.Upstart.Instance.o \
  	$(NIH_LIBS) \
 === modified file 'init/conf.c'
 --- init/conf.c	2011-06-06 17:05:11 +0000
 +++ init/conf.c	2011-07-15 17:51:29 +0000
@@ -1186,6 +1186,41 @@
  	return NULL;
+ }
++/*
++ * delete_conf_watches:
++ *
++ * This function is called to delete the notification handlers registered
++ * against the configuration directories/files.
++ */
++void delete_conf_watches ()
++{
++	NihList * watches;
++	NihWatch * watch;
++	NihWatchHandle *handle;
++	NIH_LIST_FOREACH (conf_sources, iter) {
++		ConfSource *source = (ConfSource *) iter;
++		if (! source)
++			return;
++		if(source->path) {
++			nih_debug ("freeing source for path: %s", source->path);
++		}
++		/* remove the notification watches */
++		watch = source->watch;
++		if (watch) {
++			watches = & (watch->watches);
++			if (watches) {
++				NIH_LIST_FOREACH (watches, wh) {
++					handle = (NihWatchHandle *)wh;
++					inotify_rm_watch (watch->fd, handle->wd);
++				}
++			}
++			close (watch->fd);
++			nih_free (source);
++		}
++	}
++}
++
++
  #ifdef DEBUG
  size_t
 === modified file 'init/conf.h'
 --- init/conf.h	2011-06-06 12:52:08 +0000
 +++ init/conf.h	2011-07-15 17:51:29 +0000
@@ -129,6 +129,7 @@
  char *toggle_conf_name         (const void *parent, const char *path)
  	__attribute__ ((warn_unused_result, malloc));
++void delete_conf_watches       (void);
  #ifdef DEBUG
 === modified file 'init/control.c'
 --- init/control.c	2011-06-15 13:20:41 +0000
 +++ init/control.c	2011-07-15 17:51:29 +0000
@@ -54,6 +54,7 @@
  #include "conf.h"
  #include "control.h"
  #include "errors.h"
++#include "pivot.h"
  #include "com.ubuntu.Upstart.h"
@@ -613,6 +614,40 @@
  	return 0;
+ }
++/**
++ * control_pivot_to_new_rootfs:
++ * @data: not used,
++ * @message: D-Bus connection and message received,
++ * @rootfs: dir to chroot to
++ * @init: new init to spawn on chrooting to rootfs
++ * This shall be filled in by pivot_to_new_rootfs ()
++ *
++ * Called to change the root filesystem to a requested @rootfs, after which the
++ * requested @init should be executed. This function changes the root
++ * filesystem only when "/" is on initramfs and the @rootfs is the real rootfs
++ * to be switched to. On changing the root filesystem as requested, this
++ * function releases memory by deleting the contents of the memory based
++ * initramfs before executing @init. If @rootfs or @init are not valid, the
++ * org.freedesktop.DBus.Error.InvalidArg error will be returned immediately.
++ * If this function fails before freeing the contents of the initramfs then
++ * the pivot_failed event is generated. If this function fails after the
++ * contents of the initramfs have been freed then failure handling is no more
++ * possible.
++ *
++ * Returns: does not return on success, negative value on raised error.
++ **/
++int
++control_pivot_to_new_rootfs (void            *data,
++			     NihDBusMessage  *message,
++			     const char      *rootfs,
++			     const char      *init)
++{
++	nih_assert (message != NULL);
++	nih_assert (rootfs != NULL);
++	nih_assert (init != NULL);
++
++	return pivot_to_new_rootfs (message, rootfs, init);
++}
  /**
   * control_get_version:
 === modified file 'init/control.h'
 --- init/control.h	2011-06-06 17:05:11 +0000
 +++ init/control.h	2011-07-15 17:51:29 +0000
@@ -72,6 +72,9 @@
  				   const char *name, char * const *env,
  				   int wait)
  	__attribute__ ((warn_unused_result));
++int control_pivot_to_new_rootfs	  (void *data, NihDBusMessage *message,
++				   const char *rootfs, const char *init)
++	__attribute__ ((warn_unused_result));
  int  control_emit_event_with_file (void *data, NihDBusMessage *message,
  				   const char *name, char * const *env,
  				   int wait, int file)
 === modified file 'init/events.h'
 --- init/events.h	2009-06-23 09:29:35 +0000
 +++ init/events.h	2011-07-15 17:51:29 +0000
@@ -1,6 +1,6 @@
  /* upstart
+  *
-- * Copyright © 2009 Canonical Ltd.
++ * Copyright © 2009-2011 Canonical Ltd.
   * Author: Scott James Remnant <scott@netsplit.com>.
+  *
   * This program is free software; you can redistribute it and/or modify
@@ -93,5 +93,12 @@
   **/
  #define JOB_STOPPED_EVENT "stopped"
++/**
++ * PIVOT_FAILED_EVENT:
++ *
++ * Name of the event we generate once the pivot event fails to change the
++ * root filesystem.
++ **/
++#define PIVOT_FAILED_EVENT "pivot-failed"
  #endif /* INIT_EVENTS_H */
 === modified file 'init/paths.h'
 --- init/paths.h	2011-06-06 12:52:08 +0000
 +++ init/paths.h	2011-07-15 17:51:29 +0000
@@ -177,4 +177,12 @@
  	(IS_CONF_EXT_STD(period) || \
  	 IS_CONF_EXT_OVERRIDE(period))
++/**
++ * Kernel command line arguments path
++ *
++ * This file stores the kernel command line arguments which are read for
++ * executing a new requested init using the pivot command from initramfs.
++ **/
++#define PROC_CMDLINE "/proc/cmdline"
++
  #endif /* INIT_PATHS_H */
 === added file 'init/pivot.c'
 --- init/pivot.c	1970-01-01 00:00:00 +0000
 +++ init/pivot.c	2011-07-15 17:51:29 +0000
@@ -0,0 +1,616 @@
++/* upstart
++ *
++ * pivot.c - Pivot command handling
++ *
++ * Copyright © 2011 Canonical Ltd.
++ * Author: Surbhi A. Palande <surbhi.palande@ubuntu.com>.
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2, as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License along
++ * with this program; if not, write to the Free Software Foundation, Inc.,
++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++ */
++
++#include "pivot.h"
++#include "conf.h"
++
++/*
++ * @get_complete_path:
++ *
++ * @dirname: absolute path of the parent directory.
++ * @dirent_name: name of the directory entry whose full path is constructed by
++ * using the parent directories absolute path i.e @dirname
++ *
++ * This function is called for getting an absolute path of a directory entry given
++ * the parent directories absolute path.
++ *
++ * Returns: the absolute path on success. On failure returns NULL.
++ */
++static char *
++get_complete_path (const char * dirname, const char * dirent_name)
++{
++	char * full_path = NULL;
++
++	nih_assert (dirname != NULL);
++	nih_assert (dirent_name != NULL);
++
++	full_path = nih_strdup (NULL, dirname);
++	if (full_path) {
++		if (dirname [strlen(dirname) - 1] != '/') {
++			full_path = nih_strcat (&full_path, NULL, "/");
++		}
++		if (full_path)
++			full_path = nih_strcat (&full_path, NULL, dirent_name);
++	}
++	return full_path;
++}
++
++/*
++ * @del_dir:
++ *
++ * @dirname: directory whose contents need to be deleted.
++ *
++ * This function is called to free the contents of memory by deleting the
++ * memory based members of @dirname. It does not delete the contents of a
++ * member directory in case it is a mount point for other file systems which
++ * are not memory based. This function assumes that "/" is a memory based
++ * filesystem and uses this information to find out whether the underlying
++ * device of a member directory is the same as that of "/" or not.
++ *
++ *
++ * Returns: On success returns 0 while on failure it raises the
++ * org.freedesktop.DBus.Error.InvalidArg error and exits out of upstart as
++ * recovery of a pivot command is not possible.
++ */
++static int
++del_dir (const char * dirname)
++{
++	struct dirent * dirent;
++	struct stat rst, cst;
++	DIR * dirp;
++	char * path = NULL;
++	int ret = 0;
++
++	nih_assert (dirname != NULL);
++
++	ret = stat ("/", &rst);
++	if (ret) {
++		nih_debug ("Could not stat /");
++		goto error;
++	}
++	dirp = opendir (dirname);
++	if (!dirp) {
++		ret = -1;
++		goto error;
++	}
++	while ((dirent = readdir (dirp)) != NULL) {
++		if (!strcmp (dirent->d_name, ".") ||
++				(!strcmp (dirent->d_name, ".."))) {
++			continue;
++		}
++		path = get_complete_path (dirname, dirent->d_name);
++		if (!path) {
++			ret = -1;
++			goto cleanup;
++		}
++		switch (dirent->d_type) {
++		case DT_DIR:
++			ret = stat (path, &cst);
++			/* Free the contents of only the memory based
++			 * file systems but not of any other mounted
++			 * file systems if any.
++			 */
++			if (!ret && dev_match (rst.st_dev, cst.st_dev)) {
++				ret = del_dir (path);
++				if (!ret)  {
++					nih_debug ("Removing dir: %s", path);
++					ret = rmdir (path);
++				}
++			}
++			break;
++		default:
++			nih_debug ("Removing file: %s", path);
++			ret = unlink (path);
++			break;
++		}
++		nih_free (path);
++		if (ret)
++			break;
++	}
++cleanup:
++	closedir (dirp);
++error:
++	if (ret) {
++		nih_assert (errno != 0);
++		switch (errno) {
++		case ENOMEM:
++			nih_error_raise_no_memory ();
++			break;
++		default:
++			nih_error_raise (errno, strerror (errno));
++			break;
++		}
++		nih_fatal (_("Could not delete the contents of initramfs: %s"), strerror (errno));
++		exit (1);
++	}
++	return 0;
++}
++
++/**
++ * pivot_emit_failed_event:
++ *
++ * @argv: The arguments to be passed to the new requested init for execution.
++ *
++ * This function generates a new event "pivot_failed". It is used to indicate
++ * that the initcl pivot command failed to chroot to the new rootfs.
++ *
++ * Returns: on success returns the PIVOT_FAILED_EVENT and on failure returns
++ * NULL.
++ **/
++Event *
++pivot_emit_failed_event (char ** argv)
++{
++	Event           *event;
++
++	event = NIH_MUST (event_new (NULL, PIVOT_FAILED_EVENT, argv));
++	if (!event) {
++		nih_debug ("Could not emit %s", PIVOT_FAILED_EVENT);
++		nih_free (argv);
++		return NULL;
++	}
++	return event;
++}
++
++/**
++ * @are_we_on_ramfs():
++ *
++ * This function is called to check if the current root filesystem is based on
++ * a memory based filesystem.
++ *
++ * Returns: TRUE if the root filesystem is memory based, else returns FALSE.
++ **/
++static int
++are_we_on_ramfs ()
++{
++	int ret = 0;
++	struct stat st;
++	struct statfs sfs;
++
++	/* Make sure we're on a ramfs */
++	/* 1. The initramfs should have /init */
++	ret = stat ("/init", &st);
++	if (ret) {
++		if (errno == ENOMEM)
++			nih_error_raise_no_memory ();
++		else
++			nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++				_("/ may not be on initramfs"));
++		return FALSE;
++	}
++	if (!S_ISREG (st.st_mode)) {
++		nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++				_("/ may not be on initramfs"));
++		return FALSE;
++	}
++	/* Make sure that the statistics of / indicate that its a memory based
++	 * filesystem and not a disk based one */
++	ret = statfs ("/", &sfs);
++	if (ret) {
++		switch(errno) {
++		case ENOMEM:
++			nih_error_raise_no_memory ();
++			break;
++		default:
++			nih_dbus_error_raise_printf (DBUS_ERROR_FAILED,
++				_("Cannot verify if we are in the initramfs"));
++			break;
++		}
++		return FALSE;
++	}
++	if (sfs.f_type != (long) RAMFS_MAGIC && sfs.f_type != (long) TMPFS_MAGIC) {
++		nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++			_("/ is not a memory based filesystem"));
++		return FALSE;
++	}
++	return TRUE;
++}
++
++/**
++ * is_rootfs_ok:
++ *
++ * @rootfs: specifies a path to a filesytem.
++ *
++ * This function checks if the @rootfs exists, if its on based on a different
++ * device/filesystem than that of the "/" and also if its a directory.
++ *
++ * Returns: TRUE if @rootfs is on a different filesystem than /. Else returns
++ * FALSE.
++ **/
++static int
++is_rootfs_ok (const char * rootfs)
++{
++	int ret = 0;
++	struct stat rst, cst;
++
++	nih_assert (rootfs != NULL);
++	/* Make sure the requested rootfs is not the same filesystem
++	   as the current("/") root filesystem */
++	ret = stat ("/", &rst);
++	if (ret) {
++		if (errno == ENOMEM)
++			nih_error_raise_no_memory ();
++		else
++			nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++							_("Could not stat /"));
++			return FALSE;
++	}
++	ret = stat (rootfs, &cst);
++	if (ret) {
++		if (errno == ENOMEM)
++			nih_error_raise_no_memory ();
++		else
++			nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++				_("Could not stat requested rootfs:%s dir"),
++						rootfs);
++		return FALSE;
++	}
++	if (dev_match (rst.st_dev, cst.st_dev)) {
++		nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++			_("new rootfs: %s requested is not a different "
++						"filesystem than /"), rootfs);
++		return FALSE;
++	}
++	if (!S_ISDIR (cst.st_mode)) {
++		nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++			_("new rootfs: %s requested is not a directory"),
++						rootfs);
++		return FALSE;
++	}
++	return TRUE;
++}
++
++/**
++ * @is_init_ok:
++ *
++ * @init: process that shall be perhaps executed.
++ *
++ * This function checks if the requested @init exists and if so then checks
++ * if it is a regular file which could be executed. This is called before the
++ * execution of init is attempted.
++ *
++ * Returns: TRUE when  @init is a regular file else returns FALSE
++ **/
++static int
++is_init_ok (const char * init)
++{
++	struct stat st;
++	int ret = 0;
++
++	nih_assert (init != NULL);
++	/* Check if the requested init exists */
++	ret = stat (init, &st);
++	if (ret) {
++		switch (errno) {
++		case ENOMEM:
++			nih_error_raise_no_memory ();
++			break;
++		default:
++			nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++				_("The requested init: %s may not be correct"),
++							init);
++			break;
++		}
++		ret = FALSE;
++	}
++	else if (!S_ISREG (st.st_mode)) {
++		nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++				 _("The requested init: %s is not a regular "
++					 		"file"), init);
++		ret = FALSE;
++	} else {
++		if ((st.st_mode & S_IXUSR) || (st.st_mode & S_IXGRP) || (st.st_mode & S_IXOTH)) {
++			ret = TRUE;
++		} else {
++			nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++				 _("The requested init: %s is not an "
++					 		"executable"), init);
++		}
++	}
++	return ret;
++}
++
++/*
++ * @get_init_args:
++ *
++ * @init: The init that will be executed by calling an execvp later.
++ *
++ * This function is called to get the command line arguments for executing
++ * @init. @init is the first argument of this command line array. The rest of
++ * the arguments are collected from PROC_CMDLINE which stores the arguments
++ * specified at boot time.
++ *
++ * Returns: the address of the array with the command line arguments on success.
++ * On failure returns NULL
++ */
++static char **
++get_init_args(const char * root, const char * init)
++{
++
++	char **	env = NULL;
++	FILE * cmdline = NULL;
++	char **	tokens = NULL;
++	int i=0;
++	char line[PAGESZ];
++
++	nih_assert (root != NULL);
++	nih_assert (init != NULL);
++
++	/* Create the argv for execv(). The first argument is the "init" you
++	 * want to execute. The command line arguments to be passed to this
++	 * init are copied from PROC_CMDLINE
++	 */
++	env = nih_str_array_new (NULL);
++	if (!env)
++		goto error;
++	if (! nih_str_array_add (&env, NULL, NULL, init))
++		goto cleanup;
++	/* If the procfs is moved before this call then the /proc/cmdline will
++	 * be found in @root/PROC_CMDLINE
++	 */
++	cmdline = fopen (PROC_CMDLINE, "r");
++	if (!cmdline)
++		goto cleanup;
++	if (!fgets (line, sizeof line, cmdline))
++		goto cleanup;
++	tokens = nih_str_split (env, line, " ", 1);
++	if (!tokens)
++		goto cleanup;
++	for ( i=0 ; tokens [i] != NULL; i++) {
++		if ((tokens [i][0] == '-') && (tokens [i][1]='-')) {
++			/* argument to init */
++			if (!nih_str_array_add (&env, NULL, NULL, tokens[i]))
++				goto cleanup;
++		}
++	}
++	fclose (cmdline);
++	return env;
++cleanup:
++	if (cmdline)
++		fclose (cmdline);
++	nih_free (env);
++error:
++	switch (errno) {
++	case ENOMEM:
++		nih_error_raise_no_memory ();
++		break;
++	default:
++		nih_dbus_error_raise_printf (DBUS_ERROR_FAILED,
++				"Failed to open %s", PROC_CMDLINE);
++		break;
++	}
++	return NULL;
++}
++
++
++/*
++ * @move_mounts:
++ *
++ * @origin: virtual fs to be moved from "/"
++ * @rootfs: root filesystem where the @origin should be moved to.
++ *
++ * This function is intended to move the virtual filesystem @origin from "/"
++ * to the real @rootfs. This is a necessary step before we move root from "/"
++ * to the real @rootfs. This function should be called to move /dev, /sys and
++ * /proc to a corresponding mountpoint in @rootfs
++ *
++ * Returns: On success returns 0 and on failure returns -1
++ *
++ */
++static int
++move_mounts(const char * origin, const char * rootfs)
++{
++	char * path = NULL;
++	int ret = 0;
++
++	path = nih_strdup (NULL, rootfs);
++	if (path) {
++		if (origin[0] != '/')
++			path = nih_strcat (&path, NULL, "/");
++		if (path) {
++			path = nih_strcat (&path, NULL, origin);
++			/* Move the devfs to the new root filesystem */
++			if (path)
++				ret = mount (origin, path, NULL, MS_MOVE, NULL);
++		}
++	}
++	if (ret || !path) {
++		if (errno == ENOMEM)
++			nih_error_raise_no_memory ();
++		nih_dbus_error_raise_printf (DBUS_ERROR_FAILED,
++				_("Cannot move %s to %s"), origin, rootfs);
++		ret = -1;
++	}
++	if (path)
++		nih_free (path);
++	return ret;
++}
++
++/*
++ * send_reply:
++ * @message: Dbus connection and message received. We use this for sending a
++ * reply.
++ *
++ * This function is used to send a reply back to the initctl command before we
++ * execvp the requested init. We do not want to return to the middleware but
++ * instead execvp the requested init. By not returning to the middleware we
++ * need to ourself send a reply explicitly to initctl so that it can exit.
++ */
++static void
++send_reply (NihDBusMessage  *message)
++{
++	DBusMessageIter iter;
++	DBusMessage *   reply;
++
++	nih_assert (message != NULL);
++
++	do {
++		__label__ enomem;
++
++		/* Construct the reply message. */
++		reply = dbus_message_new_method_return (message->message);
++		if (! reply)
++			goto enomem;
++		dbus_message_iter_init_append (reply, &iter);
++	enomem: __attribute__ ((unused));
++	} while (! reply);
++	/* Send the reply, appending it to the outgoing queue. */
++        NIH_MUST (dbus_connection_send (message->connection, reply, NULL));
++	dbus_message_unref (reply);
++	return;
++}
++
++/**
++ * pivot_to_new_rootfs:
++ * @message: D-Bus connection and message received,
++ * @rootfs: dir to chroot to
++ * @init: new init to spawn on chrooting to rootfs
++ *
++ * Called to change the root filesystem to a requested @rootfs, after which the
++ * requested @init should be executed. This function changes the root
++ * filesystem only when "/" is on initramfs and the @rootfs is the real rootfs
++ * to be switched to. On changing the root filesystem as requested, this
++ * function releases memory by deleting the contents of the memory based
++ * initramfs before executing @init. If @rootfs or @init are not valid, the
++ * org.freedesktop.DBus.Error.InvalidArg error will be returned immediately.
++ * If this function fails before freeing the contents of the initramfs then
++ * the pivot_failed event is generated. If this function fails after the
++ * contents of the initramfs have been freed then failure handling is no more
++ * possible.
++ *
++ * Returns: does not return on success, negative value on raised error.
++ **/
++int
++pivot_to_new_rootfs (NihDBusMessage  *message,
++		     const char      *rootfs,
++		     const char      *init)
++{
++	char **		     env;
++	int  ret = 0;
++
++	nih_assert (message != NULL);
++	nih_assert (rootfs != NULL);
++	nih_assert (init != NULL);
++
++        /* Verify that the rootfs dir name is valid */
++        if (! strlen (rootfs)) {
++                nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++                        _("Rootfs dir name may not be empty string"));
++                pivot_emit_failed_event (NULL);
++                return -1;
++        }
++        /* Verify that the init name is valid */
++        if (! strlen (init)) {
++                nih_dbus_error_raise_printf (DBUS_ERROR_INVALID_ARGS,
++                        _("Name of init may not be empty string"));
++                pivot_emit_failed_event (NULL);
++                return -1;
++        }
++	/* Before you free up the initramfs memory by deleting files in the
++	 * initramfs, make sure:
++	 * 1. That the current root filesystem is memory based.
++	 * 2. That you are trying to pivot to a different than the current filesystem.
++	 */
++	if (!are_we_on_ramfs ()) {
++		pivot_emit_failed_event (NULL);
++		return -1;
++	}
++	/* Make sure the requested rootfs is not the same filesystem
++	   as the current("/") root filesystem */
++	if (!is_rootfs_ok (rootfs)) {
++		pivot_emit_failed_event (NULL);
++		return -1;
++	}
++	/* Create the argv for execv(). The first argument is the "init" you
++	 * want to execute. The command line arguments to be passed to this
++	 * init are copied from /proc/cmdline.
++	 */
++	env = get_init_args (rootfs, init);
++	if (!env) {
++		pivot_emit_failed_event (NULL);
++		return -1;
++	}
++	delete_conf_watches ();
++	/* Move the virtual filesystem to the new rootfs. This is needed for
++	 * making @rootfs as the new root filesystem
++	 */
++	/* 1. Move the sysfs to the new root filesystem */
++	if (move_mounts ("/sys", rootfs)) {
++		pivot_emit_failed_event (env);
++		nih_free (env);
++		return -1;
++	}
++	/* 2. Move the procfs to the new root filesystem */
++	if (move_mounts ("/proc", rootfs)) {
++		pivot_emit_failed_event (env);
++		nih_free (env);
++		return -1;
++	}
++
++	/* First, change to the new root directory */
++	ret = chdir (rootfs);
++	if (ret) {
++		nih_dbus_error_raise_printf (DBUS_ERROR_FAILED,
++			_("Cannot change to newly requested rootfs dir"));
++		pivot_emit_failed_event (env);
++		nih_free (env);
++		return -1;
++	}
++	/* Check if the requested init exists */
++	if (!is_init_ok (init)) {
++		ret = chdir ("/");
++		pivot_emit_failed_event (env);
++		nih_free (env);
++		return -1;
++	}
++	send_reply (message);
++	nih_signal_reset ();
++	/* After this point you cannot recover from a initramfs console */
++	/* Hopefully we are sure we are in the initramfs and so safe to free
++	 * the memory now by freeing up the rambased filesystem's contents*/
++	del_dir ("/");
++	/* Overmount the root with the request root filesystem*/
++	ret = mount (".", "/", NULL, MS_MOVE, NULL);
++	if (ret) {
++		if(errno == ENOMEM) {
++			nih_error_raise_no_memory();
++		}
++		nih_fatal (_("Cannot mount the requested rootfs"));
++		exit (1);
++
++	}
++	nih_debug ("Mounted the new root filesystem ");
++	/* chroot, chdir to the new root filesystem*/
++	if (chroot (".")) {
++		nih_fatal (_("Could not chroot to the new requested root filesystem"));
++		exit (1);
++
++	}
++	if (chdir ("/")) {
++		nih_fatal (_("Could not chdir to the new requested root filesystem"));
++		exit (1);
++	}
++	/* Spawn init */
++	nih_debug ("About to execute new requested init: %s", init);
++	execvp (init, env);
++	nih_fatal (_("Could not execute the new init in the requested rootfs"));
++	exit (1);
++}
++
 === added file 'init/pivot.h'
 --- init/pivot.h	1970-01-01 00:00:00 +0000
 +++ init/pivot.h	2011-07-15 17:51:29 +0000
@@ -0,0 +1,66 @@
++/* upstart
++ *
++ * pivot.h - Pivot command handling definitions
++ *
++ * Copyright © 2011 Canonical Ltd.
++ * Author: Surbhi A. Palande <surbhi.palande@ubuntu.com>.
++ *
++ * This program is free software; you can redistribute it and/or modify
++ * it under the terms of the GNU General Public License version 2, as
++ * published by the Free Software Foundation.
++ *
++ * This program is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++ * GNU General Public License for more details.
++ *
++ * You should have received a copy of the GNU General Public License along
++ * with this program; if not, write to the Free Software Foundation, Inc.,
++ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++ */
++
++
++#include <sys/mount.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <dirent.h>
++#include <sys/vfs.h>
++#include <unistd.h>
++#include <fcntl.h>
++#include <stdio.h>
++#include <string.h>
++#include <sys/types.h>
++#include <sys/wait.h>
++
++#include <nih/macros.h>
++#include <nih/alloc.h>
++#include <nih/string.h>
++#include <nih/main.h>
++#include <nih/logging.h>
++#include <nih/error.h>
++#include <nih/errors.h>
++#include <nih-dbus/dbus_error.h>
++
++#include <linux/magic.h>
++#include <linux/fs.h>
++
++#include "system.h"
++#include "paths.h"
++#include "events.h"
++
++/*
++ * This macro is used for checking if the major and minor numbers of two
++ * devices are the same.
++ *
++ * @devid1: is a dev_t type id of a device
++ * @devid2: is a dev_t type id of another device
++ *
++ * Returns TRUE if the device ids match, else FALSE
++ */
++#define dev_match(devid1, devid2) ((major (devid1) == major (devid2)) && (minor (devid1) == minor (devid2)))
++
++
++#define PAGESZ getpagesize()
++
++Event * pivot_emit_failed_event (char ** argv);
++int pivot_to_new_rootfs (NihDBusMessage  *message, const char *rootfs, const char *init);
 === modified file 'init/tests/test_control.c'
 --- init/tests/test_control.c	2011-06-06 17:05:11 +0000
 +++ init/tests/test_control.c	2011-07-15 17:51:29 +0000
@@ -2,7 +2,7 @@
+  *
   * test_dbus.c - test suite for init/dbus.c
+  *
-- * Copyright © 2010 Canonical Ltd.
++ * Copyright © 2010-2011 Canonical Ltd.
   * Author: Scott James Remnant <scott@netsplit.com>.
+  *
   * This program is free software; you can redistribute it and/or modify
@@ -60,6 +60,7 @@
  #include "conf.h"
  #include "control.h"
  #include "errors.h"
++#include "events.h"
  extern const char *control_server_address;
@@ -2176,6 +2177,108 @@
  	nih_log_priority = NIH_LOG_UNKNOWN;
+ }
++void
++test_pivot_root (void)
++{
++	NihDBusMessage *message = NULL;
++	char           *rootfs = NULL;
++	char           *init = NULL;
++	NihError       *err;
++	NihDBusError *dbus_err;
++	int             ret = 0;
++	JobClass *class = NULL;
++	Job      *job;
++
++	/* Check that the function returns the package string as a newly
++	 * allocated child of the message structure.
++	 */
++	TEST_FUNCTION ("control_pivot_to_new_rootfs");
++	nih_error_init ();
++	job_class_init ();
++
++	TEST_ALLOC_FAIL {
++		TEST_ALLOC_SAFE {
++			message = nih_new (NULL, NihDBusMessage);
++			message->connection = NULL;
++			message->message = NULL;
++
++		/* Case 1: Invalid ROOTFS and Invalid INIT */
++			rootfs = nih_strdup (NULL, "/tea");
++			init   = nih_strdup (NULL, "/biscuit");
++			class = job_class_new (NULL, "test", NULL);
++			class->task = TRUE;
++			class->process[PROCESS_MAIN] = process_new (class->process);
++			class->process[PROCESS_MAIN]->command = "echo";
++			class->start_on = event_operator_new (
++					class, EVENT_MATCH, PIVOT_FAILED_EVENT, NULL);
++			nih_hash_add (job_classes, &class->entry);
++		}
++
++
++		ret = control_pivot_to_new_rootfs (NULL, message, rootfs,
++							init);
++		if (ret < 0) {
++			TEST_EQ (ret, -1);
++			err = nih_error_get ();
++			TEST_ALLOC_SIZE (err, sizeof (NihDBusError));
++
++			TEST_EQ (err->number, NIH_DBUS_ERROR);
++			dbus_err = (NihDBusError *)err;
++			TEST_EQ_STR (dbus_err->name, DBUS_ERROR_INVALID_ARGS);
++			nih_free (dbus_err);
++
++		}
++
++		event_poll();
++		/* a pivot_failed event should be created by the dummy init
++		 * and dummy rootfs. We try to start a job on that*/
++		TEST_ALLOC_SAFE {
++			TEST_HASH_NOT_EMPTY (class->instances);
++			job = (Job *)nih_hash_lookup (class->instances, "");
++
++			TEST_EQ (job->goal, JOB_START);
++
++			waitpid (job->pid[PROCESS_MAIN], NULL, 0);
++			nih_free (rootfs);
++			nih_free (init);
++
++		/* Case 2: valid ROOTFS and valid INIT. Rootfs not different
++		 * than current FS */
++			rootfs = nih_strdup (NULL, "/");
++			init   = nih_strdup (NULL, "/sbin/init");
++		}
++
++		ret = control_pivot_to_new_rootfs (NULL, message, rootfs,
++							init);
++		if (ret < 0) {
++			TEST_EQ (ret, -1);
++			err = nih_error_get ();
++			TEST_ALLOC_SIZE (err, sizeof (NihDBusError));
++
++			TEST_EQ (err->number, NIH_DBUS_ERROR);
++			dbus_err = (NihDBusError *)err;
++			TEST_EQ_STR (dbus_err->name, DBUS_ERROR_INVALID_ARGS);
++			nih_free (dbus_err);
++
++		}
++
++		event_poll();
++		/* a pivot_failed event should be created by the dummy init
++		 * and dummy rootfs. We try to start a job on that*/
++		TEST_ALLOC_SAFE {
++			TEST_HASH_NOT_EMPTY (class->instances);
++			job = (Job *)nih_hash_lookup (class->instances, "");
++
++			TEST_EQ (job->goal, JOB_START);
++
++			waitpid (job->pid[PROCESS_MAIN], NULL, 0);
++			nih_free (rootfs);
++			nih_free (init);
++			nih_free (class);
++		}
++		nih_free (message);
++	}
++}
  int
  main (int   argc,
@@ -2205,5 +2308,7 @@
  	test_get_log_priority ();
  	test_set_log_priority ();
++	test_pivot_root();
++
  	return 0;
+ }
 === modified file 'util/initctl.c'
 --- util/initctl.c	2011-06-03 09:37:25 +0000
 +++ util/initctl.c	2011-07-15 17:51:29 +0000
@@ -1,6 +1,6 @@
  /* upstart
+  *
-- * Copyright © 2010 Canonical Ltd.
++ * Copyright © 2010-2011 Canonical Ltd.
   * Author: Scott James Remnant <scott@netsplit.com>.
+  *
   * This program is free software; you can redistribute it and/or modify
@@ -121,6 +121,7 @@
  int log_priority_action         (NihCommand *command, char * const *args);
  int show_config_action          (NihCommand *command, char * const *args);
  int check_config_action         (NihCommand *command, char * const *args);
++int pivot_action                (NihCommand *command, char * const *args);
  /**
@@ -1202,6 +1203,54 @@
+ }
  /**
++ * pivot_action:
++ * @command: NihCommand invoked,
++ * @args: command-line arguments.
++ *
++ * This function is called for the "pivot" command.
++ *
++ * Returns: 0 on success and 1 on error
++ **/
++int
++pivot_action (NihCommand *  command,
++	      char * const *args)
++{
++	nih_local NihDBusProxy *upstart = NULL;
++	int                     ret = 1;
++	NihError *              err;
++
++	nih_assert (command != NULL);
++	nih_assert (args != NULL);
++
++	if (!args[0]) {
++		fprintf (stderr, _("%s: missing rootfs \n"), program_name);
++		nih_main_suggest_help ();
++		return 1;
++	}
++	nih_debug("rootfs: %s", args[0]);
++	if (!args[1]) {
++		fprintf (stderr, _("%s: missing init \n"), program_name);
++		nih_main_suggest_help ();
++		return 1;
++	}
++	nih_debug("init: %s", args[1]);
++
++	upstart = upstart_open (NULL);
++	if (! upstart)
++		return 1;
++
++	ret = upstart_pivot_to_new_rootfs_sync (NULL, upstart, args[0],
++		       						args[1]);
++	if (ret < 0) {
++		err = nih_error_get ();
++		nih_error ("Error: %s", err->message);
++		nih_free (err);
++		ret = 1;
++	}
++	return ret;
++}
++
++/**
   * show_config_action:
   * @command: NihCommand invoked,
   * @args: command-line arguments.
@@ -2297,6 +2346,15 @@
  };
  /**
++ * pivot_options:
++ *
++ * Command-line options accepted for the pivot command.
++ **/
++NihOption pivot_options[] = {
++	NIH_OPTION_LAST
++};
++
++/**
   * reload_configuration_options:
+  *
   * Command-line options accepted for the reload-configuration command.
@@ -2365,6 +2423,14 @@
  static NihCommandGroup event_commands = { N_("Event") };
  /**
++ * pivot_group:
++ *
++ * Group of commands related to new rootfs and new init.
++ **/
++static NihCommandGroup pivot_commands = { N_("Rootfs") };
++
++
++/**
   * commands:
+  *
   * Commands accepts as the first non-option argument, or program name.
@@ -2430,6 +2496,14 @@
  	     "to be included in the event.\n"),
  	  &event_commands, emit_options, emit_action },
++	{ "pivot", N_("ROOTFS INIT"),
++	  N_("Execute a new init process after changing from a ram based root"
++			 " filesystem to a new root filesystem"  ),
++	  N_("ROOTFS is the path of the new root filestem to be changed to"
++	     "INIT is the new init process in the new root filesystem that should be "
++	     "spawned after successfully changing the root filesystem to ROOTFS \n"),
++	  &pivot_commands, pivot_options, pivot_action },
++
  	{ "reload-configuration", NULL,
  	  N_("Reload the configuration of the init daemon."),
  	  NULL,