* [PATCH] dracut: 99base: do not mount /run with the "noexec" option
@ 2016-04-12 14:07 Guido Trentalancia
       [not found] ` <1460470060.3152.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
  0 siblings, 1 reply; 10+ messages in thread
From: Guido Trentalancia @ 2016-04-12 14:07 UTC (permalink / raw)
  To: initramfs-u79uwXL29TY76Z2rM5mHXA; +Cc: harald-H+wXaHxf7aLQT0dZR+AlfA

Do not mount the /run directory with the "noexec" option, otherwise the
system bootup fails (no binary can be executed, everything fails with
permission denied errors).

The bug was introduced in version 042 (11 Jun 2015) and affects all
versions up to 044 (latest) and including git checked out on 12 Apr 2016.

Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
---
 modules.d/99base/init.sh |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- dracut-044/modules.d/99base/init.sh	2015-11-25 14:22:28.000000000 +0100
+++ dracut-044-99base-init-should-mount-newrun-as-exec/modules.d/99base/init.sh	2016-04-12 15:37:44.163185387 +0200
@@ -64,7 +64,7 @@ fi
 
 if ! ismounted /run; then
     mkdir -m 0755 /newrun
-    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
     cp -a /run/* /newrun >/dev/null 2>&1
     mount --move /newrun /run
     rm -fr -- /newrun
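
Review bot: removing "noexec" on the "+" mount line is unconditional, so every system loses it, while the changelog never says which binaries are executed from /run or why they live there. Please name them in the commit message, and consider dropping "noexec" only when the initramfs really executes from under /run, keeping "noexec,nosuid,nodev" otherwise so the default stays restrictive.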

* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
       [not found] ` <1460470060.3152.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
@ 2016-04-12 14:24   ` Harald Hoyer
       [not found]     ` <570D0533.6070704-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
  2016-04-12 15:07   ` [PATCH] " Guido Trentalancia
  1 sibling, 1 reply; 10+ messages in thread
From: Harald Hoyer @ 2016-04-12 14:24 UTC (permalink / raw)
  To: Guido Trentalancia, initramfs-u79uwXL29TY76Z2rM5mHXA

On 12.04.2016 at 16:07, Guido Trentalancia wrote:
> Do not mount the /run directory with the "noexec" option, otherwise the
> system bootup fails (no binary can be executed, everything fails with
> permission denied errors).
> 
> The bug was introduced in version 042 (11 Jun 2015) and affects all
> versions up to 044 (latest) and including git checked out on 12 Apr 2016.
> 
> Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
> ---
>  modules.d/99base/init.sh |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> --- dracut-044/modules.d/99base/init.sh	2015-11-25 14:22:28.000000000 +0100
> +++ dracut-044-99base-init-should-mount-newrun-as-exec/modules.d/99base/init.sh	2016-04-12 15:37:44.163185387 +0200
> @@ -64,7 +64,7 @@ fi
>  
>  if ! ismounted /run; then
>      mkdir -m 0755 /newrun
> -    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
> +    mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
>      cp -a /run/* /newrun >/dev/null 2>&1
>      mount --move /newrun /run
>      rm -fr -- /newrun
> 

Which binary resides in /run ??

* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
       [not found]     ` <570D0533.6070704-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
@ 2016-04-12 14:41       ` Guido Trentalancia
       [not found]         ` <1460472110.3152.14.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
  0 siblings, 1 reply; 10+ messages in thread
From: Guido Trentalancia @ 2016-04-12 14:41 UTC (permalink / raw)
  To: Harald Hoyer, initramfs-u79uwXL29TY76Z2rM5mHXA

On Tue, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote:
> On 12.04.2016 at 16:07, Guido Trentalancia wrote:
> > Do not mount the /run directory with the "noexec" option, otherwise
> > the
> > system bootup fails (no binary can be executed, everything fails
> > with
> > permission denied errors).
> > 
> > The bug was introduced in version 042 (11 Jun 2015) and affects all
> > versions up to 044 (latest) and including git checked out on 12 Apr
> > 2016.
> > 
> > Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
> > ---
> >  modules.d/99base/init.sh |    2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > --- dracut-044/modules.d/99base/init.sh	2015-11-25
> > 14:22:28.000000000 +0100
> > +++ dracut-044-99base-init-should-mount-newrun-as-
> > exec/modules.d/99base/init.sh	2016-04-12 15:37:44.163185387
> > +0200
> > @@ -64,7 +64,7 @@ fi
> >  
> >  if ! ismounted /run; then
> >      mkdir -m 0755 /newrun
> > -    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime
> > tmpfs /newrun >/dev/null
> > +    mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs
> > /newrun >/dev/null
> >      cp -a /run/* /newrun >/dev/null 2>&1
> >      mount --move /newrun /run
> >      rm -fr -- /newrun
> > 
> 
> Which binary resides in /run ??


The whole initram filesystem binaries, including (/run/initramfs)/bin,
(/run/initramfs)/sbin, (/run/initramfs)/usr/bin and
(/run/initramfs)/usr/sbin.

It starts to break immediately after mount at line 70 of 99base/init.sh
(rm -fr -- /newrun) up to and including 99base/udevsettle() (loops the
"permission denied" failure on execution of udevadm).

The patch has been tested and it works fine. Without the patch, dracut
is unusable (the system cannot be booted).

Regards,

Guido

* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
       [not found] ` <1460470060.3152.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
  2016-04-12 14:24   ` Harald Hoyer
@ 2016-04-12 15:07   ` Guido Trentalancia
  1 sibling, 0 replies; 10+ messages in thread
From: Guido Trentalancia @ 2016-04-12 15:07 UTC (permalink / raw)
  To: initramfs-u79uwXL29TY76Z2rM5mHXA; +Cc: harald-H+wXaHxf7aLQT0dZR+AlfA

In git the bug was introduced with the following commit:

commit c4184b5cf1b4892712de1370f8d2d92e5cc2e705
Date:   Sat Nov 15 17:01:18 2014 +0300

    Mount /dev, /dev/shm and /run noexec

The patch I proposed partially reverts that in order to fix this major
bug.

Regards,

Guido

On Tue, 2016-04-12 at 16:07 +0200, Guido Trentalancia wrote:
> Do not mount the /run directory with the "noexec" option, otherwise
> the
> system bootup fails (no binary can be executed, everything fails with
> permission denied errors).
> 
> The bug was introduced in version 042 (11 Jun 2015) and affects all
> versions up to 044 (latest) and including git checked out on 12 Apr
> 2016.
> 
> Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
> ---
>  modules.d/99base/init.sh |    2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> --- dracut-044/modules.d/99base/init.sh	2015-11-25
> 14:22:28.000000000 +0100
> +++ dracut-044-99base-init-should-mount-newrun-as-
> exec/modules.d/99base/init.sh	2016-04-12 15:37:44.163185387
> +0200
> @@ -64,7 +64,7 @@ fi
>  
>  if ! ismounted /run; then
>      mkdir -m 0755 /newrun
> -    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime
> tmpfs /newrun >/dev/null
> +    mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs
> /newrun >/dev/null
>      cp -a /run/* /newrun >/dev/null 2>&1
>      mount --move /newrun /run
>      rm -fr -- /newrun

* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
       [not found]         ` <1460472110.3152.14.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
@ 2016-04-14 10:33           ` Harald Hoyer
       [not found]             ` <570F71FD.3020101-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
  0 siblings, 1 reply; 10+ messages in thread
From: Harald Hoyer @ 2016-04-14 10:33 UTC (permalink / raw)
  To: Guido Trentalancia, initramfs-u79uwXL29TY76Z2rM5mHXA

On 12.04.2016 16:41, Guido Trentalancia wrote:
> On Tue, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote:
>> On 12.04.2016 at 16:07, Guido Trentalancia wrote:
>>> Do not mount the /run directory with the "noexec" option, otherwise
>>> the
>>> system bootup fails (no binary can be executed, everything fails
>>> with
>>> permission denied errors).
>>>
>>> The bug was introduced in version 042 (11 Jun 2015) and affects all
>>> versions up to 044 (latest) and including git checked out on 12 Apr
>>> 2016.
>>>
>>> Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
>>> ---
>>>  modules.d/99base/init.sh |    2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> --- dracut-044/modules.d/99base/init.sh	2015-11-25
>>> 14:22:28.000000000 +0100
>>> +++ dracut-044-99base-init-should-mount-newrun-as-
>>> exec/modules.d/99base/init.sh	2016-04-12 15:37:44.163185387
>>> +0200
>>> @@ -64,7 +64,7 @@ fi
>>>  
>>>  if ! ismounted /run; then
>>>      mkdir -m 0755 /newrun
>>> -    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime
>>> tmpfs /newrun >/dev/null
>>> +    mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs
>>> /newrun >/dev/null
>>>      cp -a /run/* /newrun >/dev/null 2>&1
>>>      mount --move /newrun /run
>>>      rm -fr -- /newrun
>>>
>>
>> Which binary resides in /run ??
> 
> 
> The whole initram filesystem binaries, including (/run/initramfs)/bin,
> (/run/initramfs)/sbin, (/run/initramfs)/usr/bin and
> (/run/initramfs)/usr/sbin.
> 
> It starts to break immediately after mount at line 70 of 99base/init.sh
> (rm -fr -- /newrun) up to and including 99base/udevsettle() (loops the
> "permission denied" failure on execution of udevadm).
> 
> The patch has been tested and it works fine. Without the patch, dracut
> is unusable (the system cannot be booted).
> 
> Regards,
> 
> Guido

I would prefer something like this. Care to check if that solves it?

diff --git a/modules.d/99base/init.sh b/modules.d/99base/init.sh
index bd7ef70..31126d6 100755
--- a/modules.d/99base/init.sh
+++ b/modules.d/99base/init.sh
@@ -64,7 +64,12 @@ fi

 if ! ismounted /run; then
     mkdir -m 0755 /newrun
-    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    if ! str_starts "$(readlink -f /bin/sh)" "/run"; then
+        mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    else
+        # the initramfs is based in /run, so don't mount it with noexec
+        mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    fi
     cp -a /run/* /newrun >/dev/null 2>&1
     mount --move /newrun /run
     rm -fr -- /newrun
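
Review bot: the prefix given to str_starts on the added "if" line is "/run" without a trailing slash, so a shell that resolves into a sibling directory such as /runtime would also select the exec mount; compare against "/run/" instead. The test also probes /bin/sh alone, so the comment in the else branch should say that /bin/sh stands in for the whole initramfs, and it is worth confirming that readlink -f returns a path under /run in the reported setup before relying on it.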

* Re: Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
       [not found]             ` <570F71FD.3020101-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
@ 2016-04-14 11:03               ` Dracut GitHub Import Bot
       [not found]                 ` <146063178363.23619.10614635055686320261.githubbot-QUxPd85Im3zrDilwLfPoKQ@public.gmane.org>
  2016-04-14 11:18               ` Guido Trentalancia
  1 sibling, 1 reply; 10+ messages in thread
From: Dracut GitHub Import Bot @ 2016-04-14 11:03 UTC (permalink / raw)
  To: initramfs-u79uwXL29TY76Z2rM5mHXA

Patchset imported to github.
Pull request:
<https://github.com/haraldh/dracut/compare/master...dracut-mailing-devs:570F71FD.3020101%40redhat.com>


* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
       [not found]             ` <570F71FD.3020101-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
  2016-04-14 11:03               ` Dracut GitHub Import Bot
@ 2016-04-14 11:18               ` Guido Trentalancia
       [not found]                 ` <1460632714.2782.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
  1 sibling, 1 reply; 10+ messages in thread
From: Guido Trentalancia @ 2016-04-14 11:18 UTC (permalink / raw)
  To: Harald Hoyer, initramfs-u79uwXL29TY76Z2rM5mHXA

Hello Harald.

My reply follows the quoted text from previous messages...

On Thu, 2016-04-14 at 12:33 +0200, Harald Hoyer wrote:
> On 12.04.2016 16:41, Guido Trentalancia wrote:
> > On Tue, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote:
> > > On 12.04.2016 at 16:07, Guido Trentalancia wrote:
> > > > Do not mount the /run directory with the "noexec" option,
> > > > otherwise
> > > > the
> > > > system bootup fails (no binary can be executed, everything
> > > > fails
> > > > with
> > > > permission denied errors).
> > > > 
> > > > The bug was introduced in version 042 (11 Jun 2015) and affects
> > > > all
> > > > versions up to 044 (latest) and including git checked out on 12
> > > > Apr
> > > > 2016.
> > > > 
> > > > Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
> > > > ---
> > > >  modules.d/99base/init.sh |    2 +-
> > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > > 
> > > > --- dracut-044/modules.d/99base/init.sh	2015-11-25
> > > > 14:22:28.000000000 +0100
> > > > +++ dracut-044-99base-init-should-mount-newrun-as-
> > > > exec/modules.d/99base/init.sh	2016-04-12
> > > > 15:37:44.163185387
> > > > +0200
> > > > @@ -64,7 +64,7 @@ fi
> > > >  
> > > >  if ! ismounted /run; then
> > > >      mkdir -m 0755 /newrun
> > > > -    mount -t tmpfs -o
> > > > mode=0755,noexec,nosuid,nodev,strictatime
> > > > tmpfs /newrun >/dev/null
> > > > +    mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs
> > > > /newrun >/dev/null
> > > >      cp -a /run/* /newrun >/dev/null 2>&1
> > > >      mount --move /newrun /run
> > > >      rm -fr -- /newrun
> > > > 
> > > 
> > > Which binary resides in /run ??
> > 
> > 
> > The whole initram filesystem binaries, including
> > (/run/initramfs)/bin,
> > (/run/initramfs)/sbin, (/run/initramfs)/usr/bin and
> > (/run/initramfs)/usr/sbin.

[...]

> > The patch has been tested and it works fine. Without the patch,
> > dracut
> > is unusable (the system cannot be booted).

[...]

> I would prefer something like this. Care to check, if that solves it?

No, it does NOT work.

Harald, you should apply the patch I sent to you (and quoted above),
unmodified in order to sort out this major bug which produces
unbootable initram filesystems.

> diff --git a/modules.d/99base/init.sh b/modules.d/99base/init.sh
> index bd7ef70..31126d6 100755
> --- a/modules.d/99base/init.sh
> +++ b/modules.d/99base/init.sh
> @@ -64,7 +64,12 @@ fi
> 
>  if ! ismounted /run; then
>      mkdir -m 0755 /newrun
> -    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime
> tmpfs /newrun >/dev/null
> +    if ! str_starts "$(readlink -f /bin/sh)" "/run"; then
> +        mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime
> tmpfs /newrun >/dev/null
> +    else
> +        # the initramfs is based in /run, so don't mount it with
> noexec
> +        mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs
> /newrun >/dev/null
> +    fi
>      cp -a /run/* /newrun >/dev/null 2>&1
>      mount --move /newrun /run
>      rm -fr -- /newrun


Regards,

Guido

* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
       [not found]                 ` <1460632714.2782.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
@ 2016-04-14 11:30                   ` Harald Hoyer
       [not found]                     ` <570F7F54.5050904-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
  0 siblings, 1 reply; 10+ messages in thread
From: Harald Hoyer @ 2016-04-14 11:30 UTC (permalink / raw)
  To: Guido Trentalancia, initramfs-u79uwXL29TY76Z2rM5mHXA

On 14.04.2016 13:18, Guido Trentalancia wrote:
> Hello Harald.
> 
> My reply follows the quoted text from previous messages...
> 
> On Thu, 2016-04-14 at 12:33 +0200, Harald Hoyer wrote:
>> On 12.04.2016 16:41, Guido Trentalancia wrote:
>>> On Tue, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote:
>>>> On 12.04.2016 at 16:07, Guido Trentalancia wrote:
>>>>> Do not mount the /run directory with the "noexec" option,
>>>>> otherwise
>>>>> the
>>>>> system bootup fails (no binary can be executed, everything
>>>>> fails
>>>>> with
>>>>> permission denied errors).
>>>>>
>>>>> The bug was introduced in version 042 (11 Jun 2015) and affects
>>>>> all
>>>>> versions up to 044 (latest) and including git checked out on 12
>>>>> Apr
>>>>> 2016.
>>>>>
>>>>> Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
>>>>> ---
>>>>>  modules.d/99base/init.sh |    2 +-
>>>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>>>
>>>>> --- dracut-044/modules.d/99base/init.sh	2015-11-25
>>>>> 14:22:28.000000000 +0100
>>>>> +++ dracut-044-99base-init-should-mount-newrun-as-
>>>>> exec/modules.d/99base/init.sh	2016-04-12
>>>>> 15:37:44.163185387
>>>>> +0200
>>>>> @@ -64,7 +64,7 @@ fi
>>>>>  
>>>>>  if ! ismounted /run; then
>>>>>      mkdir -m 0755 /newrun
>>>>> -    mount -t tmpfs -o
>>>>> mode=0755,noexec,nosuid,nodev,strictatime
>>>>> tmpfs /newrun >/dev/null
>>>>> +    mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs
>>>>> /newrun >/dev/null
>>>>>      cp -a /run/* /newrun >/dev/null 2>&1
>>>>>      mount --move /newrun /run
>>>>>      rm -fr -- /newrun
>>>>>
>>>>
>>>> Which binary resides in /run ??
>>>
>>>
>>> The whole initram filesystem binaries, including
>>> (/run/initramfs)/bin,
>>> (/run/initramfs)/sbin, (/run/initramfs)/usr/bin and
>>> (/run/initramfs)/usr/sbin.
> 
> [...]
> 
>>> The patch has been tested and it works fine. Without the patch,
>>> dracut
>>> is unusable (the system cannot be booted).
> 
> [...]
> 
>> I would prefer something like this. Care to check, if that solves it?
> 
> No, it does NOT work.
> 
> Harald, you should apply the patch I sent to you (and quoted above),
> unmodified in order to sort out this major bug which produces
> unbootable initram filesystems.

Well, this is a corner case.

May I ask:

Which distribution do you use?

Which dracut version do you use?

What is the output of:
# lsinitrd <initramfs_image>

What is the output of:
# egrep . /etc/dracut.conf /etc/dracut.conf.d/*.conf /usr/lib/dracut/dracut.conf.d/*.conf


* [PATCH v2] dracut: 99base: do not mount /run with the "noexec" option
       [not found]                     ` <570F7F54.5050904-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
@ 2016-04-14 11:41                       ` Guido Trentalancia
  0 siblings, 0 replies; 10+ messages in thread
From: Guido Trentalancia @ 2016-04-14 11:41 UTC (permalink / raw)
  To: Harald Hoyer, initramfs-u79uwXL29TY76Z2rM5mHXA

Hello Harald.

Given that you insist, I'll help you on this...

Please try the attached second version of the patch, which includes the
check you like.

On Thu, 2016-04-14 at 13:30 +0200, Harald Hoyer wrote:
> On 14.04.2016 13:18, Guido Trentalancia wrote:
> > Hello Harald.
> > 
> > My reply follows the quoted text from previous messages...
> > 
> > On Thu, 2016-04-14 at 12:33 +0200, Harald Hoyer wrote:
> > > On 12.04.2016 16:41, Guido Trentalancia wrote:
> > > > On Tue, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote:
> > > > > On 12.04.2016 at 16:07, Guido Trentalancia wrote:
> > > > > > Do not mount the /run directory with the "noexec" option,
> > > > > > otherwise
> > > > > > the
> > > > > > system bootup fails (no binary can be executed, everything
> > > > > > fails
> > > > > > with
> > > > > > permission denied errors).
> > > > > > 
> > > > > > The bug was introduced in version 042 (11 Jun 2015) and
> > > > > > affects
> > > > > > all
> > > > > > versions up to 044 (latest) and including git checked out
> > > > > > on 12
> > > > > > Apr
> > > > > > 2016.
> > > > > > 
> > > > > > Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
> > > > > > ---
> > > > > >  modules.d/99base/init.sh |    2 +-
> > > > > >  1 file changed, 1 insertion(+), 1 deletion(-)
> > > > > > 
> > > > > > --- dracut-044/modules.d/99base/init.sh	2015-11-25
> > > > > > 14:22:28.000000000 +0100
> > > > > > +++ dracut-044-99base-init-should-mount-newrun-as-
> > > > > > exec/modules.d/99base/init.sh	2016-04-12
> > > > > > 15:37:44.163185387
> > > > > > +0200
> > > > > > @@ -64,7 +64,7 @@ fi
> > > > > >  
> > > > > >  if ! ismounted /run; then
> > > > > >      mkdir -m 0755 /newrun
> > > > > > -    mount -t tmpfs -o
> > > > > > mode=0755,noexec,nosuid,nodev,strictatime
> > > > > > tmpfs /newrun >/dev/null
> > > > > > +    mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime
> > > > > > tmpfs
> > > > > > /newrun >/dev/null
> > > > > >      cp -a /run/* /newrun >/dev/null 2>&1
> > > > > >      mount --move /newrun /run
> > > > > >      rm -fr -- /newrun

Do not mount the /run directory with the "noexec" option, otherwise the
system bootup fails (no binary can be executed, everything fails with
permission denied errors).

The bug was introduced with the following commit:

commit c4184b5cf1b4892712de1370f8d2d92e5cc2e705
Author: Nikoli
Date:   Sat Nov 15 17:01:18 2014 +0300

and it started to affect version 042 (11 Jun 2015) and greater, up to and
including version 044 (latest) and git checked out on 13 Apr 2016.

Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
---
 modules.d/99base/init.sh |    7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

--- dracut-042/modules.d/99base/init.sh	2016-04-14 13:34:31.594743542 +0200
+++ dracut-042-99base-init-should-mount-newrun-as-exec-v2/modules.d/99base/init.sh	2016-04-14 13:34:09.442551940 +0200
@@ -64,7 +64,12 @@ fi
 
 if ! ismounted /run; then
     mkdir -m 0755 /newrun
-    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    if [ `echo $(readlink -f /bin/sh) | grep "^/run/"` ]; then
+        mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    else
+        # the initramfs is based in /run, so don't mount it with noexec
+        mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    fi
     cp -a /run/* /newrun >/dev/null 2>&1
     mount --move /newrun /run
     rm -fr -- /newrun
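
Review bot: the two branches under the added "if [ ... | grep "^/run/" ]" line are inverted. When /bin/sh resolves under /run/ the test is true and /newrun is mounted with "noexec", while the else branch, whose comment says the initramfs is based in /run, is taken only when it is not. Swap the two mount lines or negate the test. The unquoted backtick substitution inside "[ ]" also misbehaves if the resolved path contains whitespace; a quoted case "$(readlink -f /bin/sh)" in /run/*) pattern avoids both the grep and the quoting problem.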

* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
       [not found]                 ` <146063178363.23619.10614635055686320261.githubbot-QUxPd85Im3zrDilwLfPoKQ@public.gmane.org>
@ 2016-04-14 11:46                   ` Guido Trentalancia
  0 siblings, 0 replies; 10+ messages in thread
From: Guido Trentalancia @ 2016-04-14 11:46 UTC (permalink / raw)
  To: initramfs-u79uwXL29TY76Z2rM5mHXA; +Cc: Harald Hoyer

On Thu, 2016-04-14 at 11:03 +0000, Dracut GitHub Import Bot wrote:
> Patchset imported to github.
> Pull request:
> <https://github.com/haraldh/dracut/compare/master...dracut-mailing-de
> vs:570F71FD.3020101%40redhat.com>

As already explained, the above is broken and it won't work.

Please see message with subject "[PATCH v2] dracut: 99base: do not
mount /run with the "noexec" option" which includes a new version with
the check that you insist on including.

Regards,

Guido
