Bug#576678: initramfs-tools: breaks but continues if /tmp is mounted with noexec option

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#576678: initramfs-tools: breaks but continues if /tmp is mounted with noexec option
From: Axel Beckert <abe@debian.org>
Date: Tue, 6 Apr 2010 15:08:00 +0200 (CEST)
Message-id: <20100406130800.601201A4B8@nemo.ontheroad.deuxchevaux.org>
Reply-to: Axel Beckert <abe@debian.org>, 576678@bugs.debian.org

Package: initramfs-tools
Version: 0.94
Severity: normal

/tmp on my EeePC is mounted as follows:

tmpfs on /tmp type tmpfs (rw,noexec,nosuid,nodev)

Starting with initramfs-tools 0.94, mkinitramfs throws a lot of error
messages about without neither stopping nor declaring the packages
which triggered that as being not successfully installed:

[…]
Setting up initramfs-tools (0.94) ...
Installing new version of config file /etc/kernel/postrm.d/initramfs-tools ...
Installing new version of config file /etc/kernel/postinst.d/initramfs-tools ...
Installing new version of config file /etc/initramfs-tools/initramfs.conf ...
Installing new version of config file /etc/initramfs-tools/update-initramfs.conf ...
update-initramfs: deferring update (trigger activated)
[…]
Processing triggers for initramfs-tools ...
update-initramfs: Generating /boot/initrd.img-2.6.33-2-686
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-top/all_generic_ide: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-top/blacklist: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-top/keymap: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-bottom/dropbear: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-bottom/udev: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/local-bottom/cryptopensc: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-premount/devpts: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-premount/dropbear: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-premount/udev: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/local-premount/resume: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/local-top/cryptopensc: Permission denied
/usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/local-top/cryptroot: Permission denied
localepurge: Disk space freed in /usr/share/locale: 0 KiB
[…]

This are possibly two bugs:

1) Fails to stop package installation as well as to mark packages as
   not successfully installed if initramfs generation failed. I regard
   this as bug with at least severity normal.

2) Breaks if /tmp is mounted noexec. Since caring about a noexec
   mounted /tmp is not required by policy, but quite some people use
   it, I regard it as bug with severity minor or wishlist. Possibly
   related to http://bugs.debian.org/567540.

Feel free to clone this bug into two seperate bugs if you intend to
fix both bugs.

For 2) I suggest to allow the administrator to configure an
alternative temporary directory to use. Another possibility would be
to temporarily remount /tmp with exec. This is how I solved the issue
manually for now, but doing this automatically with scripts feels like
circumventing a possibly deliberately made decision of the local
administrator.

-- Package-specific info:
-- /proc/cmdline
BOOT_IMAGE=/boot/vmlinuz-2.6.33-2-686 root=UUID=75818c63-d8e5-4f92-9e2a-b35221e4076b ro quiet

-- /proc/filesystems
	ext3
	fuseblk

-- lsmod
Module                  Size  Used by
tcp_diag                 612  0 
aes_i586                6816  0 
aes_generic            25738  1 aes_i586
sco                     5889  2 
bridge                 32977  0 
stp                      996  1 bridge
bnep                    7591  2 
rfcomm                 24502  1 
l2cap                  22430  4 bnep,rfcomm
crc16                   1027  1 l2cap
bluetooth              35663  6 sco,bnep,rfcomm,l2cap
inet_diag               5938  2 tcp_diag
tun                     8955  2 
fuse                   43964  1 
arc4                     974  2 
ecb                     1405  2 
ath5k                 106605  0 
mac80211              125802  1 ath5k
ath                     6234  1 ath5k
cfg80211               90741  3 ath5k,mac80211,ath
dm_crypt                9156  0 
dm_mod                 47420  1 dm_crypt
snd_hda_codec_realtek   168375  1 
snd_hda_intel          16923  0 
joydev                  6778  0 
snd_hda_codec          48763  2 snd_hda_codec_realtek,snd_hda_intel
snd_hwdep               4082  1 snd_hda_codec
snd_pcm_oss            28722  0 
snd_mixer_oss          10490  1 snd_pcm_oss
snd_pcm                47219  3 snd_hda_intel,snd_hda_codec,snd_pcm_oss
snd_seq_midi            3600  0 
snd_rawmidi            12652  1 snd_seq_midi
snd_seq_midi_event      3672  1 snd_seq_midi
snd_seq                35421  2 snd_seq_midi,snd_seq_midi_event
eeepc_laptop           10004  0 
sparse_keymap           1767  1 eeepc_laptop
snd_timer              12349  2 snd_pcm,snd_seq
snd_seq_device          3673  3 snd_seq_midi,snd_rawmidi,snd_seq
rfkill                 10320  4 bluetooth,cfg80211,eeepc_laptop
uvcvideo               45623  0 
snd                    34703  11 snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_rawmidi,snd_seq,snd_timer,snd_seq_device
serio_raw               3104  0 
led_class               1753  2 ath5k,eeepc_laptop
videodev               27068  1 uvcvideo
tpm_tis                 5496  0 
v4l1_compat            10314  2 uvcvideo,videodev
tpm                     8129  1 tpm_tis
soundcore               3642  1 snd
tpm_bios                3557  1 tpm
psmouse                38755  0 
rng_core                2350  0 
ac                      1640  0 
battery                 3782  0 
pci_hotplug            18127  1 eeepc_laptop
atl2                   17852  0 
snd_page_alloc          5097  2 snd_hda_intel,snd_pcm
processor              25817  1 
evdev                   5629  15 
ext3                   93823  1 
jbd                    32613  1 ext3
mbcache                 3762  1 ext3
usb_storage            30441  0 
sd_mod                 26607  2 
crc_t10dif              1012  1 sd_mod
i915                  217679  2 
ata_generic             2043  0 
drm_kms_helper         18257  1 i915
ahci                   27102  0 
drm                   112447  3 i915,drm_kms_helper
ata_piix               17149  1 
i2c_algo_bit            3497  1 i915
uhci_hcd               16149  0 
libata                115325  3 ata_generic,ahci,ata_piix
ehci_hcd               27870  0 
i2c_core               12265  5 videodev,i915,drm_kms_helper,drm,i2c_algo_bit
intel_agp              20257  1 
scsi_mod              102273  3 usb_storage,sd_mod,libata
video                  15053  1 i915
usbcore               100734  5 uvcvideo,usb_storage,uhci_hcd,ehci_hcd
nls_base                4541  1 usbcore
output                  1196  1 video
button                  3598  1 i915
agpgart                19551  2 drm,intel_agp
thermal                 9405  0 
fan                     2506  0 
thermal_sys             9402  4 processor,video,thermal,fan

-- /etc/kernel-img.conf
# Kernel image management overrides
# See kernel-img.conf(5) for details
do_symlinks = yes
relative_links = yes
do_bootloader = no
do_bootfloppy = no
do_initrd = yes
link_in_boot = no
postinst_hook = update-grub
postrm_hook   = update-grub

-- /etc/initramfs-tools/initramfs.conf
MODULES=most
BUSYBOX=y
KEYMAP=n
COMPRESS=gzip
BOOT=local
DEVICE=eth0
NFSROOT=auto

-- /etc/crypttab
# <target name>	<source device>		<key file>	<options>


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (990, 'unstable'), (600, 'stable'), (500, 'testing'), (110, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.33-2-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages initramfs-tools depends on:
ii  cpio                         2.11-1      GNU cpio -- a program to manage ar
ii  findutils                    4.4.2-1     utilities for finding files--find,
ii  klibc-utils                  1.5.17-4    small utilities built with klibc f
ii  module-init-tools            3.12~pre2-2 tools for managing Linux kernel mo
ii  udev                         151-3       /dev/ and hotplug management daemo

Versions of packages initramfs-tools recommends:
ii  busybox                       1:1.15.3-2 Tiny utilities for small and embed

initramfs-tools suggests no packages.

-- no debconf information

Reply to:

Follow-Ups:
- Bug#576678: initramfs-tools: breaks but continues if /tmp is mounted with noexec option
  - From: maximilian attems <max@stro.at>

Prev by Date: Bug#561203: threads and fork on machine with VIPT-WB cache
Next by Date: Bug#576654: suspicious message: "Can't open /scripts/functions" during upgrade
Previous by thread: Processed: severity of 576677 is important, tagging 576677
Next by thread: Bug#576678: initramfs-tools: breaks but continues if /tmp is mounted with noexec option
Index(es):
- Date
- Thread