Lazarus Overlook n00b
Joined: 28 Aug 2023 Posts: 2
|
Posted: Mon Aug 28, 2023 8:12 pm Post subject: [TIP] System rescue without a Live CD |
|
|
Using the rd.break Kernel Argument for Troubleshooting
Hello fellow Gentoo users!
I want to talk about using the <rd.break> kernel argument for troubleshooting and fixing issues during the boot process. This powerful option saved my bacon more than once when I encountered problems that prevented my system from booting successfully, without using a rescue CD!
What is the <rd.break> Kernel Argument?
The <rd.break> kernel argument interrupts the boot process to gain access to a minimal shell before the root filesystem is mounted. This is incredibly useful when faced with problems like forgotten root passwords, misconfigured filesystems, or even hardware-related issues.
How to Use <rd.break>?
1. Start by rebooting the system.
2. During the boot process, when the GRUB menu appears (or the bootloader you’re using), select your desired kernel entry.
3. Press “e” to edit the kernel parameters.
4. Navigate to the line that starts with <linux> or <linuxefi>.
5. Add <rd.break> at the end of that line.
6. Replace the <ro> argument with <rw>, if it exists.
7. Press “Ctrl+X” to boot with the modified parameters.
What Can You Do in the Minimal Shell?
Once the minimal shell (initramfs) is loaded, you have a chance to:
- Remount the root filesystem in read-write mode using <mount -o remount,rw /sysroot>.
- Access the </sysroot> directory, which contains the root filesystem.
- Make changes, repair configurations, or reset passwords.
Example Scenario: Resetting the Root Password
One common use case is resetting a forgotten root password. Here’s how:
1. Use <chroot /sysroot> to switch to the root filesystem.
2. Use <passwd> to change the root password.
3. Exit the chroot environment and reboot.
(optional) Configure SELinux
If using SELinux, the context type in </etc/shadow> is now messed up, which will deny further logins once the system is fully booted. Here is how to fix it:
4a. <touch /.autorelabel>, which will force SELinux to restore labels that are set on the entire file system.
Note: The next boot might take longer, since restoring all the labels is time consuming.
4b. <load_policy -i> to load the SELinux policy.
5b. <chcon -t shadow_t /etc/shadow> to manually set the correct context type to /etc/shadow.
Remember
While <rd.break> is a powerful tool, it’s essential to use it responsibly and with caution. It provides access to your system at a critical stage, so always be sure of what you’re doing.
Disclaimer: Always make sure to back up your data before making changes to your system. This forum post is for informational purposes only, and I’m not responsible for any consequences arising from its use.
_________________
Cheers,
Lazarus E. Overlook |
|
Back to top |
|
|
grknight Retired Dev
Joined: 20 Feb 2015 Posts: 1896
|
Posted: Mon Aug 28, 2023 8:17 pm Post subject: |
|
|
This only works with a Dracut initramfs. Other initramfs are not required to implement this.
Genkernel, for example, does not work with these instructions.
gentoo-kernel{,-bin} packages create a dracut initramfs by default. |
|
Back to top |
|
|
skellr l33t
Joined: 18 Jun 2005 Posts: 978 Location: The Village, Portmeirion
|
|
Back to top |
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3404
|
Posted: Mon Aug 28, 2023 8:34 pm Post subject: |
|
|
Pro tip:
init=/bin/sh
Works everywhere |
|
Back to top |
|
|
skellr l33t
Joined: 18 Jun 2005 Posts: 978 Location: The Village, Portmeirion
|
Posted: Mon Aug 28, 2023 9:04 pm Post subject: |
|
|
szatox wrote: | Pro tip:
init=/bin/sh
Works everywhere |
You may have a hard time with that when the root filesystem won't mount. Dirty filesystem, borked array. An initramfs might just have what you need to fix it without needing to use other "rescue media". It's kinda nice to have as a fallback on a remote machine. |
|
Back to top |
|
|
Lazarus Overlook n00b
Joined: 28 Aug 2023 Posts: 2
|
Posted: Mon Aug 28, 2023 9:07 pm Post subject: |
|
|
szatox wrote: | Pro tip:
init=/bin/sh
Works everywhere |
Does it provide root access in case of a forgotten password?
Also, if using systemd, booting from specific targets can be helpful.
With <systemd.unit=emergency.target> only a minimal number of units are started, just enough to fix the system if something is seriously wrong. It is quite minimal, as some important units are not started.
And with <systemd.unit=rescue.target>, all units that are required to get a fully operational Linux system are started, except for nonessential services.
_________________
Cheers,
Lazarus E. Overlook |
|
Back to top |
|
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3404
|
Posted: Mon Aug 28, 2023 9:54 pm Post subject: |
|
|
init= allows you to choose PID 1 at boot time.
Make it a shell and you're in god mode |
|
Back to top |
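Added example, not part of any post in this thread: a small POSIX sh check that reports when a kernel command line carries one of the overrides discussed above (<rd.break>, <init=> pointing at a shell, or <systemd.unit=> set to the emergency or rescue target). The function name, the tag names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report the boot-time overrides named
# in this thread when they appear on a kernel command line.

# audit_cmdline "<kernel command line>"
# Prints one "TAG argument" line per finding and nothing for a clean line.
# Simplification: arguments are split on whitespace; quoted values that
# contain spaces are not handled.
audit_cmdline() (
    set -f                      # no glob expansion while word-splitting $1
    for arg in $1; do
        case "$arg" in
            # dracut also accepts rd.break=<breakpoint>, hence the second pattern
            rd.break|rd.break=*)
                echo "INITRAMFS_SHELL $arg" ;;
            init=*)
                # Flag only when PID 1 is replaced by a shell binary.
                val=${arg#init=}
                case "${val##*/}" in
                    sh|bash|dash|ash|zsh|busybox) echo "INIT_IS_SHELL $arg" ;;
                esac ;;
            systemd.unit=emergency.target|systemd.unit=rescue.target)
                echo "SYSTEMD_RESCUE $arg" ;;
        esac
    done
)

# Constructed sample lines (not captured from a real system).
SAMPLES='BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro quiet
BOOT_IMAGE=/vmlinuz root=/dev/sda2 rw rd.break
BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro init=/bin/sh
BOOT_IMAGE=/vmlinuz root=/dev/sda2 ro systemd.unit=emergency.target'

printf '%s\n' "$SAMPLES" | while IFS= read -r line; do
    findings=$(audit_cmdline "$line")
    if [ -n "$findings" ]; then
        printf '%s\n  -> %s\n' "$line" "$findings"
    fi
done
```

To check the running system, pass it the current command line: audit_cmdline "$(cat /proc/cmdline)".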