Archive for January, 2020

How to create rootfs filesystem for Ubuntu 18.04

Original writeup here (with some bugs corrected):

http://bluequiet.blogspot.com/2017/09/building-ubuntu-rootfs-for-arm.html

But the steps are applicable to any hardware: i386, amd64, ppc, arm, mips etc.

First download the Ubuntu base from here (here we assume amd64, but you can always download images for other platforms):

http://cdimage.ubuntu.com/cdimage/ubuntu-base/releases//18.04/release/

Next is to create the rootfs image:

Some repetition may be needed here (until you get the size right). By that I mean the “apt-get install” command below must execute successfully, so that all the basic Debian packages are included.

For Ubuntu 18.04 amd64, the estimated required size is about 1G.

So create a 1G rootfs empty image:

sudo dd if=/dev/zero of=rootfs.img bs=1024 count=1M

sudo mkfs.ext4 -F -L linuxroot rootfs.img

sudo mkdir /mnt/tmpdir

sudo mount -o loop rootfs.img /mnt/tmpdir

sudo tar zxvf ubuntu-*.tar.gz -C /mnt/tmpdir #### (unpacking the tar.gz file downloaded from cdimage.ubuntu.com above).

sudo cp /etc/resolv.conf /mnt/tmpdir/etc/

sudo mount -t proc /proc /mnt/tmpdir/proc
sudo mount -t sysfs /sys /mnt/tmpdir/sys
sudo mount -o bind /dev /mnt/tmpdir/dev
sudo mount -o bind /dev/pts /mnt/tmpdir/dev/pts

sudo chroot /mnt/tmpdir

Inside the chroot environment (“sudo” does not exist in ubuntu base):

apt-get update
apt-get install \
language-pack-en-base \
sudo \
ssh \
net-tools \
ethtool \
wireless-tools \
ifupdown \
network-manager \
iputils-ping \
rsyslog \
htop \
vim \
xinit xorg \
alsa-utils \
--no-install-recommends

Inside the rootfs:

useradd username ###and remember to set the password as well

You may want to set up a root password as well, in case you want to log in as root, as “sudo” is not configured by default.

Set up hostname:

echo "myhost" > /etc/hostname

Inside /etc/hosts:

127.0.0.1 localhost
127.0.0.1 myhost

##//Make X used by ‘anyuser’: /etc/X11/Xwrapper.config
allowed_users=anybody

##//set up timezone
dpkg-reconfigure tzdata

##//set up group for alsa : /etc/group
audio:x:29:pulse,username

##// Set up group for fbterm: /etc/group
video:x:44:username

sudo umount /mnt/tmpdir/proc
sudo umount /mnt/tmpdir/sys
sudo umount /mnt/tmpdir/dev/pts
sudo umount /mnt/tmpdir/dev

Assuming the present rootfs image is named “rootfs.img”:

rootfs=rootfs.img
append="root=/dev/sda console=ttyS0"

Booting up in the latest kernel I have compiled:

kernel=vmlinuz-5.5.0-rc7+
initrd=initrd.img-5.5.0-rc7+

qemu-system-x86_64 -m 1024M -nographic -kernel $kernel -append "$append" -hda $rootfs -net nic

The output of the bootup is as follows:

https://pastebin.com/fK6T4wYK

How to enumerate processes / kernel threads without using “ps -ef” command?

Instead of using the “ps” command to get the list of running processes, which can be quite cumbersome (with multiple “cut”, “sort” and “sed” calls in your bash shell script), is it possible to just use the procfs interface?

Yes it is.

First, notice that “ps -ef” will list out both kernel threads and userspace processes:

UID PID PPID C STIME TTY TIME CMD
root 1 0 0 08:40 ? 00:00:02 /sbin/init splash
root 2 0 0 08:40 ? 00:00:00 [kthreadd]
root 3 2 0 08:40 ? 00:00:00 [rcu_gp]
root 4 2 0 08:40 ? 00:00:00 [rcu_par_gp]
root 6 2 0 08:40 ? 00:00:00 [kworker/0:0H-kb]
root 1465 1 0 08:40 ? 00:00:00 /usr/sbin/lightdm
root 1542 1 0 08:40 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1543 1542 0 08:40 ? 00:00:00 /usr/sbin/apache2 -k start
www-data 1544 1542 0 08:40 ? 00:00:00 /usr/sbin/apache2 -k start

They are two different types of entities. One is ring 0 and another is ring 3. (https://en.wikipedia.org/wiki/Protection_ring).

Normally in shell script processing, we can only deal with ring 3, as ring 0 will need kernel mode execution.

So how to distinguish between the two?

First notice that “kthreadd” is the parent pid of all the other kernel tasks:

And userspace process will have non-“2” as the parent pid:

To enumerate child processes via procfs interface, search for the “children” interface:

Eg, for pid=1, “cat /proc/1/task/1/children”:

506 527 1076 1078 1167 1180 1242 1244

And under pid=2 we have all the kernel threads as children (see diagram above) – whose pid can be randomly spread anywhere. So the range of the pid does not decide if you are a kernel thread or not, it is the parent.

To recursively enumerate all userspace processes:

import sys

def get_children(pid):
    """Return the child PIDs of pid as a list of strings, or None if there are none."""
    if pid is None or len(pid) == 0:
        return None
    # Lists the children created by the main thread of this process
    child_pid_procfs = "/proc/" + pid + "/task/" + pid + "/children"
    try:
        with open(child_pid_procfs) as f:
            childlist = f.read().split()
    except OSError:
        # The process exited in the meantime, or the interface is not available
        return None
    if not childlist:
        return None
    return childlist

def enum_proc(pidlist):
    """Recursively print the children of every PID in pidlist."""
    if pidlist is None or len(pidlist) == 0:
        return
    for pid in pidlist:
        childlist = get_children(pid)
        if childlist is None:
            continue
        print(childlist)
        enum_proc(childlist)

# The starting PID is the first command-line argument (1 walks down from init)
pid = sys.argv[1]
childlist = get_children(pid)
print(childlist)
enum_proc(childlist)
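The parent-PID rule described above can also be applied by reading /proc/<pid>/stat directly. This is an added example, not part of the original post: the function names and the sample stat lines are constructed for illustration, and the parser handles process names that contain spaces or parentheses.

```python
import os

KTHREADD_PID = 2  # kthreadd: parent of every other kernel thread

def parse_stat(line):
    """Return (pid, comm, ppid) from one /proc/<pid>/stat line."""
    # comm is wrapped in parentheses and may itself contain spaces or
    # parentheses, so split on the first '(' and the LAST ')'.
    lpar = line.index("(")
    rpar = line.rindex(")")
    pid = int(line[:lpar])
    comm = line[lpar + 1:rpar]
    fields = line[rpar + 1:].split()  # fields[0] = state, fields[1] = ppid
    return pid, comm, int(fields[1])

def classify(pid, ppid):
    """The page's rule: kthreadd and its children are kernel threads."""
    return "kernel" if KTHREADD_PID in (pid, ppid) else "user"

def classify_lines(lines):
    """Map pid -> (comm, 'kernel' | 'user') for an iterable of stat lines."""
    result = {}
    for line in lines:
        pid, comm, ppid = parse_stat(line)
        result[pid] = (comm, classify(pid, ppid))
    return result

def read_live_stats(proc="/proc"):
    """Yield the stat line of every numeric entry under /proc."""
    for name in os.listdir(proc):
        if not name.isdigit():
            continue
        try:
            with open(os.path.join(proc, name, "stat"), errors="replace") as f:
                yield f.read()
        except OSError:
            continue  # process exited between listdir() and open()

# Constructed sample lines, truncated after the fields used here.
SAMPLE = [
    "1 (systemd) S 0 1 1 0 -1 4194560",
    "2 (kthreadd) S 0 0 0 0 -1 2129984",
    "6 (kworker/0:0H-kb) I 2 0 0 0 -1 69238880",
    "2210 (tmux: server) S 1 2210 2210 0 -1 4194368",   # space in comm
    "1301 ((sd-pam)) S 1300 1300 1300 0 -1 4194624",     # parentheses in comm
    "4242 (kworker/1:1) S 1 4242 4242 0 -1 4194304",     # kernel-like name, parent is not kthreadd
]

if __name__ == "__main__":
    for pid, (comm, kind) in sorted(classify_lines(read_live_stats()).items()):
        print(pid, kind, comm)
```

The last sample line shows why the name alone is not evidence: the task is classified as userspace because its parent is not pid 2.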