A rootdisk is a gzip-compressed RAMdisk image that is mounted as root(/) during the boot process. Currently, the rootdisk for the Sentry Firewall CD is around 16-18 MB in size, uncompressed.
It is, of course, possible to increase the size of the rootdisk to accommodate your needs. When you increase the size of this image you also need to increase the "ramdisk_size" parameter passed to the kernel at boot time by syslinux. This parameter can be adjusted either manually at the initial boot prompt or in the "isolinux.cfg" file kept in the isolinux directory on the CD. If the uncompressed ramdisk size is larger than this parameter, the boot process will not continue past the loading of the kernel. That is, root(/) will never be mounted and you will get a kernel panic.
As of version 1.5.0-rc11 the Sentry Firewall CD utilizes a tmpfs file system for its root partition. The tmpfs file system, also known as "virtual memory file system" or "shm fs", provides two major advantages:
With this new development it is now possible to resize root(/) at configuration time (or any time afterward) without rebuilding the rootdisk or ISO. Please see the "root_size" and "add_swap" configuration directives for more details.
I use a script called 'mkrootdsk.sh'. This is a bash shell script that formats/mounts the disk image, and then creates or copies the files to the disk image as needed.
If you would like to attempt to use the mkrootdsk.sh script please be sure to read through it first, as it tends to be a bit hacky at times. It runs perfectly on my development system, but may not run well at all on yours. The output from the script should look something like the following:
    Sentry Firewall CD-ROM: mkrootdsk.sh
    Copyright (C) Stephen A. Zarkos, Obsid@Sentry.net

    Ok, let's get to it...
    [+] Creating /root/rootdisk/root... Done.
    [+] Ok, starting to copy stuff to the rootdisk...
    [+] Making directories: root dev proc etc sbin bin lib mnt mnt1 mnt2 mnt3 mnt4 opt cdrom floppy tmp tmp/drivers var initrd... Done.
    [+] Copying /dev files... Done.
    [+] Working in /var... Done.
    [+] Working in /home... Done.
    [+] Working in /bin... Done.
    [+] Working in /sbin... Done.
    [+] Working in /lib... Done.
    [+] Working in /etc... Done.
    [+] Building drivers-2.4.tar.gz(network config support).
    [+] Using /cdrom/lib/modules/2.4.25GENERIC.
    [+] Tar/Gzipping /root/rootdisk/root... Done.
    [+] Zeroing out file: /root/rootdisk/initrd.img... Done.
    [+] Creating ext2 file system on /root/rootdisk/initrd.img... Done.
    [+] Mounting initrd.img on /root/rootdisk/mnt... Done.
    [+] Copying files to rootdisk... Done.
    [+] /root/rootdisk/initrd.img is still mounted, do you want me to unmount it? (y/n) y
    [+] Unmounting /root/rootdisk/mnt... Done.
    [+] Gzipping /root/rootdisk/initrd.img... Done.

    Location of new rootdisk --> /root/rootdisk/initrd.img
The finished ramdisk image is then copied to the isolinux directory before creating the actual ISO image.
To look at and modify the initrd.img image, do something like the following:
    blah@wherever:~$ cp /cdrom/isolinux/initrd.img /tmp/initrd.img.gz
    blah@wherever:~$ gzip -d /tmp/initrd.img.gz
    blah@wherever:~$ mount -o loop /tmp/initrd.img /MOUNT_POINT
You may then cd to /MOUNT_POINT and edit the files on the rootdisk. Once you are finished you can then unmount and gzip the initrd.img file and place it back in the isolinux directory.
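Before putting a modified image back on the CD, it is worth confirming that its uncompressed size still fits within the "ramdisk_size" value described above. The following check is an added example, not part of mkrootdsk.sh or the Sentry Firewall CD. The function names and the sample isolinux.cfg contents are constructed for illustration, and it assumes the kernel reads ramdisk_size in KiB and that the image is passed in its gzip-compressed form, as it is stored in the isolinux directory.

```shell
#!/bin/sh
# Added example: does the uncompressed rootdisk fit in ramdisk_size (KiB)?

# Uncompressed size of a gzip image in KiB, rounded up. Bytes are counted
# directly rather than trusting the size field in the gzip trailer.
uncompressed_kib() {
    gzip -t "$1" 2>/dev/null || return 1
    bytes=$(gzip -dc "$1" | wc -c)
    echo $(( (bytes + 1023) / 1024 ))
}

# Every ramdisk_size= value on the "append" lines of a syslinux config.
cfg_ramdisk_sizes() {
    grep -i '^[[:space:]]*append' "$1" | tr ' \t' '\n\n' |
        sed -n 's/^ramdisk_size=\([0-9][0-9]*\)$/\1/p'
}

# 0 = image fits every boot entry, 1 = at least one entry is too small,
# 2 = image unreadable or no ramdisk_size found in the config.
check_rootdisk() {
    need=$(uncompressed_kib "$1") || return 2
    sizes=$(cfg_ramdisk_sizes "$2")
    [ -n "$sizes" ] || return 2
    rc=0
    for have in $sizes; do
        if [ "$have" -lt "$need" ]; then
            echo "ramdisk_size=$have KiB < rootdisk $need KiB" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input: a 2 MiB zero-filled image and two configs.
make_sample() {
    dd if=/dev/zero bs=1024 count=2048 2>/dev/null | gzip -c > "$1/initrd.img"
    for kib in 4096 1024; do
        printf 'label sentry\n  kernel vmlinuz\n  append initrd=initrd.img ramdisk_size=%s root=/dev/ram0 rw\n' \
            "$kib" > "$1/isolinux-$kib.cfg"
    done
}

tmp=$(mktemp -d)
make_sample "$tmp"
check_rootdisk "$tmp/initrd.img" "$tmp/isolinux-4096.cfg" && echo "4096: fits"
check_rootdisk "$tmp/initrd.img" "$tmp/isolinux-1024.cfg" || echo "1024: too small"
rm -rf "$tmp"
```

On a real build, call check_rootdisk with the repacked initrd.img and the isolinux.cfg that will go on the ISO; a return code of 1 means that boot entry would hit the kernel panic described earlier.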
The following are some notes about the layout and design of the rootdisk.