From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 251DD138AD6 for ; Fri, 27 Feb 2015 02:33:12 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id A3827E0814; Fri, 27 Feb 2015 02:33:11 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 45E51E0814 for ; Fri, 27 Feb 2015 02:33:11 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id F31513407B3 for ; Fri, 27 Feb 2015 02:33:09 +0000 (UTC) Received: from localhost.localdomain (localhost [127.0.0.1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 9DDBD12A24 for ; Fri, 27 Feb 2015 02:33:08 +0000 (UTC) From: "Robin H. Johnson" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Robin H. Johnson" Message-ID: <1425004345.4d49bd051d64a69ddf647708af4845783c0cd249.robbat2@OpenRC> Subject: [gentoo-commits] proj/openrc:openrc-0.13.x commit in: init.d/ X-VCS-Repository: proj/openrc X-VCS-Files: init.d/bootmisc.in X-VCS-Directories: init.d/ X-VCS-Committer: robbat2 X-VCS-Committer-Name: Robin H. Johnson X-VCS-Revision: 4d49bd051d64a69ddf647708af4845783c0cd249 X-VCS-Branch: openrc-0.13.x Date: Fri, 27 Feb 2015 02:33:08 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: 1db54eb4-5434-4e6c-87fa-2988387127ea X-Archives-Hash: e9251c9d0ad15670584b8a0878463609 commit: 4d49bd051d64a69ddf647708af4845783c0cd249 Author: Robin H. Johnson gentoo org> AuthorDate: Fri Feb 27 01:58:22 2015 +0000 Commit: Robin H. Johnson gentoo org> CommitDate: Fri Feb 27 02:32:25 2015 +0000 URL: http://sources.gentoo.org/gitweb/?p=proj/openrc.git;a=commit;h=4d49bd05 bootmisc: clean_run safety improvements. If /tmp or / are read-only, the clean_run function can fail in some very bad ways. 1. dir=$(mktemp -d) returns an EMPTY string on error. 2. "mount -o bind / $dir", and don't check the result of that, 3. "rm -rf $dir/run/*", which removes the REAL /run contents 4. box gets very weird from this point forward Signed-Off-By: Robin H. Johnson gentoo.org> Signed-Off-By: Chip Parker gmail.com> Reported-by: Chip Parker gmail.com> Tested-by: Chip Parker gmail.com> --- init.d/bootmisc.in | 33 +++++++++++++++++++++++++++++---- 1 file changed, 29 insertions(+), 4 deletions(-) diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in index 2ec075f..2f3feee 100644 --- a/init.d/bootmisc.in +++ b/init.d/bootmisc.in @@ -119,11 +119,36 @@ clean_run() { [ "$RC_SYS" = VSERVER -o "$RC_SYS" = LXC ] && return 0 local dir + # If / is stll read-only due to a problem, this will fail! + mountinfo -q --options-regex '^rw(,|$)' / + if [ $? -ne 0 ]; then + eerror "/ is not writable; unable to clean up underlying /run" + return 1 + fi + # Get the mountpoint used by /tmp (it might be /tmp or /) + tmpmnt=`/usr/bin/stat -c '%m' /tmp` + mountinfo -q --options-regex '^rw(,|$)' $tmpmnt + if [ -n "$tmpmnt" -a $? -ne 0 ]; then + eerror "/tmp is not writable; unable to clean up underlying /run" + return 1 + fi + # Now we know that we can modify /tmp and / + # if mktemp -d fails, it returns an EMPTY string + # STDERR: mktemp: failed to create directory via template ‘/tmp/tmp.XXXXXXXXXX’: Read-only file system + # STDOUT: '' + rc=0 dir=$(mktemp -d) - mount --bind / $dir - rm -rf $dir/run/* - umount $dir - rm -rf $dir + if [ -n "$dir" -a -d $dir -a -w $dir ]; then + mount --bind / $dir && rm -rf $dir/run/* || rc=1 + umount $dir + rm -rf $dir + else + rc=1 + fi + if [ $rc -ne 0 ]; then + eerror "Could not clean up underlying /run on /" + return 1 + fi } start()