On 12.04.2016 16:41, Guido Trentalancia wrote:
> On mar, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote:
>> Am 12.04.2016 um 16:07 schrieb Guido Trentalancia:
>>> Do not mount the /run directory with the "noexec" option, otherwise
>>> the
>>> system bootup fails (no binary can be executed, everything fails
>>> with
>>> permission denied errors).
>>>
>>> The bug was introduced in version 042 (11 Jun 2015) and affects all
>>> versions up to 044 (latest) and including git checked out on 12 Apr
>>> 2016.
>>>
>>> Signed-off-by: Guido Trentalancia <guido@xxxxxxxxxxxxxxxx>
>>> ---
>>> modules.d/99base/init.sh | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> --- dracut-044/modules.d/99base/init.sh 2015-11-25
>>> 14:22:28.000000000 +0100
>>> +++ dracut-044-99base-init-should-mount-newrun-as-
>>> exec/modules.d/99base/init.sh 2016-04-12 15:37:44.163185387
>>> +0200
>>> @@ -64,7 +64,7 @@ fi
>>>
>>> if ! ismounted /run; then
>>> mkdir -m 0755 /newrun
>>> - mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime
>>> tmpfs /newrun >/dev/null
>>> + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs
>>> /newrun >/dev/null
>>> cp -a /run/* /newrun >/dev/null 2>&1
>>> mount --move /newrun /run
>>> rm -fr -- /newrun
>>>
>>
>> Which binary resides in /run ??
>
>
> The whole initram filesystem binaries, including (/run/initramfs)/bin,
> (/run/initramfs)/sbin, (/run/initramfs)/usr/bin and
> (/run/initramfs)/usr/sbin.
>
> It starts to break immediately after mount at line 70 of 99base/init.sh
> (rm -fr -- /newrun) up to and including 99base/udevsettle() (loops the
> "permission denied" failure on execution of udevadm).
>
> The patch has been tested and it works fine. Without the patch, dracut
> is unusable (the system cannot be booted).
>
> Regards,
>
> Guido
I would prefer something like this. Care to check, if that solves it?
diff --git a/modules.d/99base/init.sh b/modules.d/99base/init.sh
index bd7ef70..31126d6 100755
--- a/modules.d/99base/init.sh
+++ b/modules.d/99base/init.sh
@@ -64,7 +64,12 @@ fi
if ! ismounted /run; then
mkdir -m 0755 /newrun
- mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+ if ! str_starts "$(readlink -f /bin/sh)" "/run"; then
+ mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+ else
+ # the initramfs is based in /run, so don't mount it with noexec
+ mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+ fi
cp -a /run/* /newrun >/dev/null 2>&1
mount --move /newrun /run
rm -fr -- /newrun
--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
