[Buildroot] Boot without busybox

Arnout Vandecappelle arnout at mind.be
Sat Oct 20 16:35:41 UTC 2018



On 20/10/2018 17:03, Ranran wrote:
> On Sat, Oct 20, 2018 at 3:29 PM Arnout Vandecappelle <arnout at mind.be> wrote:
>>
>>
>>
>> On 20/10/2018 08:04, Ranran wrote:
>>> Hello,
>>>
>>> As part of Linux hardening we want to remove busybox from filesystem.
>>
>>  How does replacing busybox with bloatware harden your system?
>>
> I actually thought of removing it totally (no replacement), but if
> this is not possible on buildroot we might consider other alternatives
> (such as minimizing its capability).

 Assuming you want an actual *working*, *running* system, you will need
*something* to provide the basic userspace functionality: init, shell,
coreutils, etc. You have the choice between using busybox for that (small, thus
easy to harden), or the "full packages" (many different packages, all of them
much larger than busybox, so most likely more difficult to harden).

> 
>>> But I am not sure if system can boot without it.
>>> I am quite sure that there are init files that depend on busybox.
>>>
>>> Is it possible to boot without busybox or does it require a custom init ?
>>
>>  We have support for 3 different init systems: busybox, sysvinit, and systemd.
>> There is also the "none" option, but then you're on your own for finding the
>> appropriate init system. You can use it for using s6 as init system, for example.
>>
>>  If you remove Busybox entirely, you will also have to manually select all the
>> other packages needed to get a minimal Unix system, like GNU coreutils, some
>> shell, util-linux, ...
>>
> 
> Isn't removing buildroot just a matter of selections in menuconfig ?

 Yes it is. Well, you need to select a different init system before you're able
to remove it in menuconfig.

 However, that will leave you with a system that doesn't work. It will boot, it
will start init, but then init is not able to start any other process because
there is no shell.

> I mean, must I know which package should be replaced with others or is
> it that buildroot menu shall automatically choose for me the correct
> selection when I remove busybox ?

 That's the point: buildroot does *not* do that for you. It just prints a warning
that your config might be broken :-).

 Note that you may actually get away with building a system without any of the
standard tools (shell, ls, etc.). For example, a "boot-to-gecko" kind of system
in theory needs nothing other than firefox, and firefox can be used directly as
the "init system". But again, you're on your own to make sure that this actually
works.

 Regards,
 Arnout
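
An added example, not part of the original message or of Buildroot itself: a check over the generated target tree for the situation described above, where the image boots and init starts but no shell exists for it to run anything. The function names and exit codes are assumptions made for this example, and the trees it is tested against are constructed.

```shell
#!/bin/sh
# Added example: report what provides init and /bin/sh in a Buildroot target tree.
# Meant to run as a post-build script, which receives the target directory as $1.
# Assumption: only /sbin/init is checked, not the kernel's other fallback paths.

# Follow symlinks for PATH inside ROOT, treating absolute link targets as
# relative to ROOT so that they are never looked up on the build host.
resolve_in_root() {
    root=${1%/}; path=$2; hops=0
    while [ -L "$root$path" ]; do
        hops=$((hops + 1)); [ "$hops" -le 16 ] || return 1   # symlink loop
        link=$(readlink "$root$path")
        case $link in
            /*) path=$link ;;
            *)  path=$(dirname "$path")/$link ;;
        esac
    done
    [ -f "$root$path" ] && [ -x "$root$path" ] || return 1
    printf '%s\n' "$path"
}

# Count the symlinks in ROOT that point at a busybox binary (applet links).
count_busybox_links() {
    find "${1%/}" -type l | while IFS= read -r l; do
        case $(readlink "$l") in busybox|*/busybox) echo x ;; esac
    done | wc -l | tr -d ' '
}

# Exit codes: 0 = init and shell present, 1 = no init, 2 = init but no /bin/sh.
check_rootfs() {
    init=$(resolve_in_root "$1" /sbin/init) || { echo "FAIL: no /sbin/init"; return 1; }
    echo "init: /sbin/init -> $init"
    echo "busybox applet links: $(count_busybox_links "$1")"
    if sh=$(resolve_in_root "$1" /bin/sh); then
        echo "shell: /bin/sh -> $sh"
    else
        echo "WARN: no /bin/sh; init must exec the application itself"
        return 2
    fi
}

# Run the check only when a target directory is given on the command line.
[ $# -eq 0 ] || check_rootfs "$1"
```

Exit code 2 is expected for a deliberately shell-less image of the kind described in the last paragraph of the message; in any other configuration it flags the broken state that menuconfig only warns about.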

