[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#576678: initramfs-tools: breaks but continues if /tmp is mounted with noexec option

On Tue, Apr 06, 2010 at 03:08:00PM +0200, Axel Beckert wrote:
> Package: initramfs-tools
> Version: 0.94
> Severity: normal
> 
> /tmp on my EeePC is mounted as follows:
> 
> tmpfs on /tmp type tmpfs (rw,noexec,nosuid,nodev)
 
> Starting with initramfs-tools 0.94, mkinitramfs throws a lot of error
> messages about without neither stopping nor declaring the packages
> which triggered that as being not successfully installed:
> 
> [???]
> Setting up initramfs-tools (0.94) ...
> Installing new version of config file /etc/kernel/postrm.d/initramfs-tools ...
> Installing new version of config file /etc/kernel/postinst.d/initramfs-tools ...
> Installing new version of config file /etc/initramfs-tools/initramfs.conf ...
> Installing new version of config file /etc/initramfs-tools/update-initramfs.conf ...
> update-initramfs: deferring update (trigger activated)
> [???]
> Processing triggers for initramfs-tools ...
> update-initramfs: Generating /boot/initrd.img-2.6.33-2-686
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-top/all_generic_ide: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-top/blacklist: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-top/keymap: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-bottom/dropbear: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-bottom/udev: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/local-bottom/cryptopensc: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-premount/devpts: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-premount/dropbear: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/init-premount/udev: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/local-premount/resume: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/local-top/cryptopensc: Permission denied
> /usr/sbin/mkinitramfs: 276: /tmp/mkinitramfs_Ck5cpl/scripts/local-top/cryptroot: Permission denied
> localepurge: Disk space freed in /usr/share/locale: 0 KiB
> [???]

this is due to the new precache code,
that runs things so that they don't need to do so on every boot
for better bootspeed.
 
> This are possibly two bugs:
> 
> 1) Fails to stop package installation as well as to mark packages as
>    not successfully installed if initramfs generation failed. I regard
>    this as bug with at least severity normal.
> 
> 2) Breaks if /tmp is mounted noexec. Since caring about a noexec
>    mounted /tmp is not required by policy, but quite some people use
>    it, I regard it as bug with severity minor or wishlist. Possibly
>    related to http://bugs.debian.org/567540.

guess to disable that feature on noexec /tmp and warn about it
is the way to go.

> Feel free to clone this bug into two seperate bugs if you intend to
> fix both bugs.
> 
> For 2) I suggest to allow the administrator to configure an
> alternative temporary directory to use. Another possibility would be
> to temporarily remount /tmp with exec. This is how I solved the issue
> manually for now, but doing this automatically with scripts feels like
> circumventing a possibly deliberately made decision of the local
> administrator.

thanks for pointing it out.
mkinitramfs uses TMPDIR, do you have that variable set?
Reply to: