From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 1D68A138AD6 for ; Fri, 27 Feb 2015 02:33:22 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id BC217E0886; Fri, 27 Feb 2015 02:33:20 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 3B247E0886 for ; Fri, 27 Feb 2015 02:33:20 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 463023407B3 for ; Fri, 27 Feb 2015 02:33:19 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id E1FBE12A24 for ; Fri, 27 Feb 2015 02:33:17 +0000 (UTC) From: "Robin H. Johnson" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson" Message-ID: <1425004316.61da9865dce3736e36f7a59121f58ced50d6df42.robbat2@OpenRC> Subject: [gentoo-commits] proj/openrc:openrc-0.12.x commit in: init.d/ X-VCS-Repository: proj/openrc X-VCS-Files: init.d/bootmisc.in X-VCS-Directories: init.d/ X-VCS-Committer: robbat2 X-VCS-Committer-Name: Robin H. Johnson X-VCS-Revision: 61da9865dce3736e36f7a59121f58ced50d6df42 X-VCS-Branch: openrc-0.12.x Date: Fri, 27 Feb 2015 02:33:17 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: cb955cdc-67d1-4d5e-a121-8123432e883a X-Archives-Hash: d7cd467f9328d0a4db28addf801c3190 commit: 61da9865dce3736e36f7a59121f58ced50d6df42 Author: Robin H. Johnson gentoo org> AuthorDate: Fri Feb 27 01:58:22 2015 +0000 Commit: Robin H. Johnson gentoo org> CommitDate: Fri Feb 27 02:31:56 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=61da9865 bootmisc: clean_run safety improvements. If /tmp or / are read-only, the clean_run function can fail in some very bad ways. 1. dir=$(mktemp -d) returns an EMPTY string on error. 2. "mount -o bind / $dir", and don't check the result of that, 3. "rm -rf $dir/run/*", which removes the REAL /run contents 4. box gets very weird from this point forward Signed-Off-By: Robin H. Johnson gentoo.org> Signed-Off-By: Chip Parker gmail.com> Reported-by: Chip Parker gmail.com> Tested-by: Chip Parker gmail.com> --- init.d/bootmisc.in | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in index 526ebff..4889c93 100644 --- a/init.d/bootmisc.in +++ b/init.d/bootmisc.in @@ -119,11 +119,36 @@ clean_run() { [ "$RC_SYS" = VSERVER ] && return 0 local dir + # If / is stll read-only due to a problem, this will fail! + mountinfo -q --options-regex '^rw(,|$)' / + if [ $? -ne 0 ]; then + eerror "/ is not writable; unable to clean up underlying /run" + return 1 + fi + # Get the mountpoint used by /tmp (it might be /tmp or /) + tmpmnt=`/usr/bin/stat -c '%m' /tmp` + mountinfo -q --options-regex '^rw(,|$)' $tmpmnt + if [ -n "$tmpmnt" -a $? -ne 0 ]; then + eerror "/tmp is not writable; unable to clean up underlying /run" + return 1 + fi + # Now we know that we can modify /tmp and / + # if mktemp -d fails, it returns an EMPTY string + # STDERR: mktemp: failed to create directory via template ‘/tmp/tmp.XXXXXXXXXX’: Read-only file system + # STDOUT: '' + rc=0 dir=$(mktemp -d) - mount --bind / $dir - rm -rf $dir/run/* - umount $dir - rm -rf $dir + if [ -n "$dir" -a -d $dir -a -w $dir ]; then + mount --bind / $dir && rm -rf $dir/run/* || rc=1 + umount $dir + rm -rf $dir + else + rc=1 + fi + if [ $rc -ne 0 ]; then + eerror "Could not clean up underlying /run on /" + return 1 + fi } start()