Can initramfs be prevented from entering a recovery console?

For some errors, initramfs will drop into a recovery console to allow the user to fix things before booting.

This can be a problem both for security (eg on a customer facing kiosk) and ability to recover the system (eg unattended systems and IOT devices)

Is there a way to reconfigure this so that it reboots instead?

I can configure grub so that it tries a different boot option if it the system doesn’t reach steady state, but I can’t do anything if it just sits there waiting for user input that will never come.

Note that, far from a system being totally unrecoverable, a failed boot can often be resolved in the boot loader by rolling back to a previously working configuration. This technique is very common in IOT. However it might on the IOT device self-rebooting on failure.

Asked By: Philip Couling

||
Source

On failure during startup (e.g. mounting device) the system starts into "emergency.target" and starts "emergency.service".
The message "(or type Control-D for normal startup)" is shown at this point.

# systemctl status emergency.service 
○ emergency.service - Emergency Shell
     Loaded: loaded (/lib/systemd/system/emergency.service; static)
     Active: inactive (dead)
       Docs: man:sulogin(8)

This starts the root-login shell by asking for root password (see man 8 sulogin).

Just mask the service and the target and it can not be started. But I have no experience what happens if a serious error occurs where the system can not be started. Be careful, better test it somehow.

sudo systemctl mask emergency.service
sudo systemctl mask emergency.target
Answered By: Marco

You can disable the initramfs debug shell and reboot immediately with the kernel argument panic=<seconds> eg: panic=10.

From man initramfs-tools

panic sets an timeout on panic. panic=sec is a documented security feature: it disables the debug shell.

Warning

Don’t use panic=0. This does the opposite and disables the reboot feature instead of enabling it. initramfs follows the same semantics as the Kernel.

From the kernel admin guide:

panic=          [KNL] Kernel behaviour on panic: delay <timeout>
                timeout > 0: seconds before rebooting
                timeout = 0: wait forever
                timeout < 0: reboot immediately
                Format: <timeout>

links

Answered By: Andrew Lowther
Categories: Answers Tags: ,
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.