From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-commits+bounces-777550-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id D2A6F138AD6
	for <garchives@archives.gentoo.org>; Fri, 27 Feb 2015 02:30:17 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 63E27E0929;
	Fri, 27 Feb 2015 02:30:17 +0000 (UTC)
Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 0C842E0929
	for <gentoo-commits@lists.gentoo.org>; Fri, 27 Feb 2015 02:30:16 +0000 (UTC)
Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by smtp.gentoo.org (Postfix) with ESMTPS id F3E1A3407B3
	for <gentoo-commits@lists.gentoo.org>; Fri, 27 Feb 2015 02:30:15 +0000 (UTC)
Received: from localhost.localdomain (localhost [127.0.0.1])
	by oystercatcher.gentoo.org (Postfix) with ESMTP id 20D2B12A24
	for <gentoo-commits@lists.gentoo.org>; Fri, 27 Feb 2015 02:30:14 +0000 (UTC)
From: "Robin H. Johnson" <robbat2@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson" <robbat2@gentoo.org>
Message-ID: <1425004121.ac3d2bb6b761e72a5b5161639beeb28f37b380a0.robbat2@OpenRC>
Subject: [gentoo-commits] proj/openrc:master commit in: init.d/
X-VCS-Repository: proj/openrc
X-VCS-Files: init.d/bootmisc.in
X-VCS-Directories: init.d/
X-VCS-Committer: robbat2
X-VCS-Committer-Name: Robin H. Johnson
X-VCS-Revision: ac3d2bb6b761e72a5b5161639beeb28f37b380a0
X-VCS-Branch: master
Date: Fri, 27 Feb 2015 02:30:14 +0000 (UTC)
Precedence: bulk
List-Post: <mailto:gentoo-commits@lists.gentoo.org>
List-Help: <mailto:gentoo-commits+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-commits+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-commits+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-commits.gentoo.org>
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Archives-Salt: 5eb0fbf4-5300-424b-a3c0-eeaf70b3acf0
X-Archives-Hash: 26284a37625c2408f8306fa70c64f0e2

commit: ac3d2bb6b761e72a5b5161639beeb28f37b380a0
Author: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
AuthorDate: Fri Feb 27 01:58:22 2015 +0000
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org>
CommitDate: Fri Feb 27 02:28:41 2015 +0000
URL: http://sources.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=ac3d2bb6

bootmisc: clean_run safety improvements.

If /tmp or / are read-only, the clean_run function can fail in some very bad ways.
1. dir=$(mktemp -d) returns an EMPTY string on error.
2. "mount -o bind / $dir", and don't check the result of that,
3. "rm -rf $dir/run/*", which removes the REAL /run contents
4. box gets very weird from this point forward

Signed-Off-By: Robin H.
Johnson <robbat2 <AT> gentoo.org> Signed-Off-By: Chip Parker <infowolfe <AT> gmail.com> Reported-by: Chip Parker <infowolfe <AT> gmail.com> Tested-by: Chip Parker <infowolfe <AT> gmail.com> --- init.d/bootmisc.in | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in index 2ec075f..2f3feee 100644 --- a/init.d/bootmisc.in +++ b/init.d/bootmisc.in @@ -119,11 +119,36 @@ clean_run() { [ "$RC_SYS" = VSERVER -o "$RC_SYS" = LXC ] && return 0 local dir + # If / is stll read-only due to a problem, this will fail! + mountinfo -q --options-regex '^rw(,|$)' / + if [ $? -ne 0 ]; then + eerror "/ is not writable; unable to clean up underlying /run" + return 1 + fi + # Get the mountpoint used by /tmp (it might be /tmp or /) + tmpmnt=`/usr/bin/stat -c '%m' /tmp` + mountinfo -q --options-regex '^rw(,|$)' $tmpmnt + if [ -n "$tmpmnt" -a $? -ne 0 ]; then + eerror "/tmp is not writable; unable to clean up underlying /run" + return 1 + fi + # Now we know that we can modify /tmp and / + # if mktemp -d fails, it returns an EMPTY string + # STDERR: mktemp: failed to create directory via template ‘/tmp/tmp.XXXXXXXXXX’: Read-only file system + # STDOUT: '' + rc=0 dir=$(mktemp -d) - mount --bind / $dir - rm -rf $dir/run/* - umount $dir - rm -rf $dir + if [ -n "$dir" -a -d $dir -a -w $dir ]; then + mount --bind / $dir && rm -rf $dir/run/* || rc=1 + umount $dir + rm -rf $dir + else + rc=1 + fi + if [ $rc -ne 0 ]; then + eerror "Could not clean up underlying /run on /" + return 1 + fi } start()
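Review bot: In the new `if [ -n "$dir" -a -d $dir -a -w $dir ]` branch, `umount $dir` is still followed unconditionally by `rm -rf $dir`, and the result of the unmount is never checked. If the bind mount succeeded but the unmount fails (a busy mount, for instance), the recursive delete descends through the still-mounted bind of / and removes the real root tree, which is a larger loss than the /run contents the commit message is concerned with. Suggest `umount $dir && rmdir $dir || rc=1`: after a successful unmount the temporary directory is empty, and `rmdir` cannot recurse into anything if it is not. Smaller points in the same hunk: `tmpmnt` and `rc` are assigned without being declared `local` (only `dir` is), so they leak into the service script's scope; `$tmpmnt` is unquoted in the second `mountinfo` call; and the `-n "$tmpmnt"` test is evaluated only after `mountinfo` has already been run with it, so an empty result from `stat` skips the /tmp writability check and falls through instead of returning an error. The `[ ... -a $? -ne 0 ]` form does read the `mountinfo` status correctly, but capturing it into a variable right after the call would make that dependence explicit and harder to break with a later edit.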