This document describes and validates settings that are often forgotten during the installation of Gentoo Linux.

Applicable platforms

  • cpe:/o:gentoo:linux

Version: 20131215.1

Revision history

  • draft (as of 2013-12-15)

1. Installation-related settings

In this chapter, we will cover the installation-related settings that users forget to enable or change.

1.1. Change the /dev/ROOT and /dev/BOOT entries in /etc/fstab

During the installation, Gentoo provides a default /etc/fstab file which contains substitution names like /dev/ROOT and /dev/BOOT.

Users should change these to the block devices that hold their root and boot file systems. However, many users forget this. If /dev/ROOT is not changed, most systems will still boot (as it is the Linux kernel and its options that define what the root file system is), but automated checks or other system updates might show undefined behavior.

The /dev/BOOT entry must be changed for bootloader (and sometimes also kernel deployment) updates. These processes could try to mount /dev/BOOT, which will fail, terminating the process and showing an ugly error message to the end user.

1.1.a. There should be no /dev/ROOT in /etc/fstab

Remediation instructions

Update /etc/fstab and change /dev/ROOT to point to the right block device containing the root file system.

1.1.b. There should be no /dev/BOOT in /etc/fstab

Remediation instructions

Update /etc/fstab and change /dev/BOOT to point to the right block device containing the boot file system.

1.2. Define rc_sys in rc.conf

The rc_sys variable in rc.conf tells OpenRC which kind of hypervisor, if any, the system is installed in. It should be set to the correct value, or empty if there is no hypervisor involved.

If this variable is left unset, OpenRC will continuously show a warning and will assume no virtualization is enabled.

1.2.a. rc_sys should be defined in /etc/rc.conf

Remediation instructions

Update /etc/rc.conf's rc_sys variable to the right value.

Remediation script

                  
sed -i 's/^#rc_sys.*/rc_sys="" # Auto-remediated/g' /etc/rc.conf;
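
The three rules above can be checked with a short script. The following is an added example, not part of the original guide; the function names, the file-path parameters and the sample files are constructed for illustration. It also covers a case the sed line above does not: that substitution only rewrites an existing commented #rc_sys line, so the example appends the setting when no such line is present.

```sh
# Added example: checks for rules 1.1.a, 1.1.b and 1.2.a. File paths are
# parameters (an assumption of this sketch) so it can run against copies.

# fstab_has_placeholder FILE NAME: true if an active entry's first field is /dev/NAME.
fstab_has_placeholder() {
    awk -v dev="/dev/$2" '$1 == dev { found = 1 } END { exit !found }' "$1"
}

# rc_sys_defined FILE: true if an uncommented rc_sys assignment exists.
rc_sys_defined() {
    grep -Eq '^[[:space:]]*rc_sys=' "$1"
}

# remediate_rc_sys FILE: define rc_sys as empty (no hypervisor) if it is missing.
# Reuses the guide's substitution (GNU sed -i) when a "#rc_sys" line exists.
remediate_rc_sys() {
    rc_sys_defined "$1" && return 0
    if grep -q '^#rc_sys' "$1"; then
        sed -i 's/^#rc_sys.*/rc_sys="" # Auto-remediated/' "$1"
    else
        # No commented template line to rewrite: append the setting instead.
        printf 'rc_sys="" # Auto-remediated\n' >> "$1"
    fi
}

# audit FSTAB RCCONF: print one line per failed rule, return the failure count.
audit() {
    fails=0
    for name in ROOT BOOT; do
        if fstab_has_placeholder "$1" "$name"; then
            echo "FAIL: /dev/$name still present in $1"; fails=$((fails + 1))
        fi
    done
    rc_sys_defined "$2" || { echo "FAIL: rc_sys not defined in $2"; fails=$((fails + 1)); }
    return "$fails"
}

# make_samples DIR: write constructed sample files (not from a real system).
make_samples() {
    printf '%s\n' '/dev/BOOT /boot ext2 noauto,noatime 1 2' \
        '/dev/sda3 / ext4 noatime 0 1' > "$1/fstab"
    printf '%s\n' '# rc_sys: hypervisor type' 'rc_logger="YES"' > "$1/rc.conf"
}

# Demo on constructed copies; nothing under /etc is touched.
tmp=$(mktemp -d) && make_samples "$tmp"
audit "$tmp/fstab" "$tmp/rc.conf" || echo "$? rule(s) failed"
remediate_rc_sys "$tmp/rc.conf"
audit "$tmp/fstab" "$tmp/rc.conf" || echo "$? rule(s) failed after the rc_sys fix"
rm -rf "$tmp"
```

On a real system the functions would be called with /etc/fstab and /etc/rc.conf; the fstab entries still have to be corrected by hand, since only the administrator knows the right block devices.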