Bug#233798: Patch to check for mount options
On Tue, Jul 31, 2007 at 07:08:04PM +0200, calvin@users.sourceforge.net wrote:
> I forgot to attach the patch :/
> +check_mount_options () {
> + local mtab=/proc/mounts
> + local T=`readlink -f -n -q "$1"`
> + while [ -n "$T" ]; do
> + if cat $mtab | grep -q " $T "; then
> + # found a mount point
> + local opts=`cat $mtab | grep " $T " | cut -d" " -f4`
> + if echo $opts | grep -E -q "no(dev|exec)"; then
> + return 0
> + fi
Thanks for the patch.
I think it's better to use a feature test ("can I create working devices
and executables?") rather than a platform test ("are these mount options
disabled?"). That way you don't have to deal with messy issues like
predicting exactly how something is going to show up in /proc/mounts,
finding the enclosing mountpoint, etc.
I committed the following patch based on your suggestions:
Index: debian/changelog
===================================================================
--- debian/changelog (revision 49821)
+++ debian/changelog (revision 49822)
@@ -12,6 +12,8 @@
* Add support for ssh:/// URLs (thanks, Steffen Joeris; closes: #434893).
* Fix Ubuntu hoary and breezy scripts to unmount /dev etc. on exit
(closes: #327708).
+ * Emit an error if we cannot create working devices or executables on the
+ target (based on work by Bastian Kleineidam; closes: #233798).
-- Otavio Salvador <otavio@debian.org> Tue, 16 Oct 2007 16:47:55 -0200
Index: debootstrap
===================================================================
--- debootstrap (revision 49821)
+++ debootstrap (revision 49822)
@@ -351,6 +351,13 @@
###########################################################################
+# Ensure that we can create working devices and executables on the target.
+if ! check_sane_mount "$TARGET"; then
+ error 1 NOEXEC "Cannot install into target '$TARGET' mounted with noexec or nodev"
+fi
+
+###########################################################################
+
if [ "$UNPACK_TARBALL" ]; then
if [ "${UNPACK_TARBALL#/}" = "$UNPACK_TARBALL" ]; then
error 1 TARPATH "Tarball must be given a complete path"
Index: functions
===================================================================
--- functions (revision 49821)
+++ functions (revision 49822)
@@ -989,6 +989,37 @@
################################################################### helpers
+# Return zero if it is possible to create devices and execute programs in
+# this directory. (Both may be forbidden by mount options, e.g. nodev and
+# noexec respectively.)
+check_sane_mount () {
+ case "$ARCH" in
+ kfreebsd-*|hurd-*)
+ ;;
+ *)
+ mknod "$1/test-dev-null" c 1 3 || return 1
+ if ! echo test > "$1/test-dev-null"; then
+ rm -f "$1/test-dev-null"
+ return 1
+ fi
+ rm -f "$1/test-dev-null"
+ ;;
+ esac
+
+ cat > "$1/test-exec" <<EOF
+#! /bin/sh
+:
+EOF
+ chmod +x "$1/test-exec"
+ if ! "$1/test-exec"; then
+ rm -f "$1/test-exec"
+ return 1
+ fi
+ rm -f "$1/test-exec"
+
+ return 0
+}
+
read_gpg_status () {
badsig=
unkkey=
Cheers,
--
Colin Watson [cjwatson@debian.org]
Reply to: