* [PATCH] dracut: 99base: do not mount /run with the "noexec" option
@ 2016-04-12 14:07 Guido Trentalancia
[not found] ` <1460470060.3152.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
0 siblings, 1 reply; 10+ messages in thread
From: Guido Trentalancia @ 2016-04-12 14:07 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA; +Cc: harald-H+wXaHxf7aLQT0dZR+AlfA
Do not mount the /run directory with the "noexec" option, otherwise the
system bootup fails (no binary can be executed, everything fails with
permission denied errors).
The bug was introduced in version 042 (11 Jun 2015) and affects all
versions up to 044 (latest) and including git checked out on 12 Apr 2016.
Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org>
---
modules.d/99base/init.sh | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- dracut-044/modules.d/99base/init.sh 2015-11-25 14:22:28.000000000 +0100
+++ dracut-044-99base-init-should-mount-newrun-as-exec/modules.d/99base/init.sh 2016-04-12 15:37:44.163185387 +0200
@@ -64,7 +64,7 @@ fi
if ! ismounted /run; then
mkdir -m 0755 /newrun
- mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+ mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
cp -a /run/* /newrun >/dev/null 2>&1
mount --move /newrun /run
rm -fr -- /newrun
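Review bot: the changed mount line drops "noexec" for every boot that reaches this branch, and nothing in the hunk records why. The failure described in the commit message depends on executables living under /run, so consider keeping "noexec" unless that is actually the case, or at minimum add a comment above the mount stating that /run has to stay executable and under which condition. Keeping "nosuid,nodev" on the new line is right and should be preserved in any later revision.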
* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option [not found] ` <1460470060.3152.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> @ 2016-04-12 14:24 ` Harald Hoyer [not found] ` <570D0533.6070704-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2016-04-12 15:07 ` [PATCH] " Guido Trentalancia 1 sibling, 1 reply; 10+ messages in thread From: Harald Hoyer @ 2016-04-12 14:24 UTC (permalink / raw) To: Guido Trentalancia, initramfs-u79uwXL29TY76Z2rM5mHXA Am 12.04.2016 um 16:07 schrieb Guido Trentalancia: > Do not mount the /run directory with the "noexec" option, otherwise the > system bootup fails (no binary can be executed, everything fails with > permission denied errors). > > The bug was introduced in version 042 (11 Jun 2015) and affects all > versions up to 044 (latest) and including git checked out on 12 Apr 2016. > > Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> > --- > modules.d/99base/init.sh | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- dracut-044/modules.d/99base/init.sh 2015-11-25 14:22:28.000000000 +0100 > +++ dracut-044-99base-init-should-mount-newrun-as-exec/modules.d/99base/init.sh 2016-04-12 15:37:44.163185387 +0200 > @@ -64,7 +64,7 @@ fi > > if ! ismounted /run; then > mkdir -m 0755 /newrun > - mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null > + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null > cp -a /run/* /newrun >/dev/null 2>&1 > mount --move /newrun /run > rm -fr -- /newrun > Which binary resides in /run ?? ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option [not found] ` <570D0533.6070704-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> @ 2016-04-12 14:41 ` Guido Trentalancia [not found] ` <1460472110.3152.14.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> 0 siblings, 1 reply; 10+ messages in thread From: Guido Trentalancia @ 2016-04-12 14:41 UTC (permalink / raw) To: Harald Hoyer, initramfs-u79uwXL29TY76Z2rM5mHXA On mar, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote: > Am 12.04.2016 um 16:07 schrieb Guido Trentalancia: > > Do not mount the /run directory with the "noexec" option, otherwise > > the > > system bootup fails (no binary can be executed, everything fails > > with > > permission denied errors). > > > > The bug was introduced in version 042 (11 Jun 2015) and affects all > > versions up to 044 (latest) and including git checked out on 12 Apr > > 2016. > > > > Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> > > --- > > modules.d/99base/init.sh | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > --- dracut-044/modules.d/99base/init.sh 2015-11-25 > > 14:22:28.000000000 +0100 > > +++ dracut-044-99base-init-should-mount-newrun-as- > > exec/modules.d/99base/init.sh 2016-04-12 15:37:44.163185387 > > +0200 
> > @@ -64,7 +64,7 @@ fi > > > > if ! ismounted /run; then > > mkdir -m 0755 /newrun > > - mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime > > tmpfs /newrun >/dev/null > > + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs > > /newrun >/dev/null > > cp -a /run/* /newrun >/dev/null 2>&1 > > mount --move /newrun /run > > rm -fr -- /newrun > > > > Which binary resides in /run ?? The whole initram filesystem binaries, including (/run/initramfs)/bin, (/run/initramfs)/sbin, (/run/initramfs)/usr/bin and (/run/initramfs)/usr/sbin. It starts to break immediately after mount at line 70 of 99base/init.sh (rm -fr -- /newrun) up to and including 99base/udevsettle() (loops the "permission denied" failure on execution of udevadm). The patch has been tested and it works fine. Without the patch, dracut is unusable (the system cannot be booted). Regards, Guido ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option [not found] ` <1460472110.3152.14.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> @ 2016-04-14 10:33 ` Harald Hoyer [not found] ` <570F71FD.3020101-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 0 siblings, 1 reply; 10+ messages in thread From: Harald Hoyer @ 2016-04-14 10:33 UTC (permalink / raw) To: Guido Trentalancia, initramfs-u79uwXL29TY76Z2rM5mHXA On 12.04.2016 16:41, Guido Trentalancia wrote: > On mar, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote: >> Am 12.04.2016 um 16:07 schrieb Guido Trentalancia: >>> Do not mount the /run directory with the "noexec" option, otherwise >>> the >>> system bootup fails (no binary can be executed, everything fails >>> with >>> permission denied errors). >>> >>> The bug was introduced in version 042 (11 Jun 2015) and affects all >>> versions up to 044 (latest) and including git checked out on 12 Apr >>> 2016. >>> >>> Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> >>> --- >>> modules.d/99base/init.sh | 2 +- >>> 1 file changed, 1 insertion(+), 1 deletion(-) >>> >>> --- dracut-044/modules.d/99base/init.sh 2015-11-25 >>> 14:22:28.000000000 +0100 >>> +++ dracut-044-99base-init-should-mount-newrun-as- >>> exec/modules.d/99base/init.sh 2016-04-12 15:37:44.163185387 >>> +0200 
>>> @@ -64,7 +64,7 @@ fi >>> >>> if ! ismounted /run; then >>> mkdir -m 0755 /newrun >>> - mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime >>> tmpfs /newrun >/dev/null >>> + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs >>> /newrun >/dev/null >>> cp -a /run/* /newrun >/dev/null 2>&1 >>> mount --move /newrun /run >>> rm -fr -- /newrun >>> >> >> Which binary resides in /run ?? > > > The whole initram filesystem binaries, including (/run/initramfs)/bin, > (/run/initramfs)/sbin, (/run/initramfs)/usr/bin and > (/run/initramfs)/usr/sbin. > > It starts to break immediately after mount at line 70 of 99base/init.sh > (rm -fr -- /newrun) up to and including 99base/udevsettle() (loops the > "permission denied" failure on execution of udevadm). > > The patch has been tested and it works fine. Without the patch, dracut > is unusable (the system cannot be booted). > > Regards, > > Guido I would prefer something like this. Care to check, if that solves it? diff --git a/modules.d/99base/init.sh b/modules.d/99base/init.sh index bd7ef70..31126d6 100755 --- a/modules.d/99base/init.sh +++ b/modules.d/99base/init.sh @@ -64,7 +64,12 @@ fi if ! ismounted /run; then mkdir -m 0755 /newrun - mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null + if ! str_starts "$(readlink -f /bin/sh)" "/run"; then + mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null + else + # the initramfs is based in /run, so don't mount it with noexec + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null + fi cp -a /run/* /newrun >/dev/null 2>&1 mount --move /newrun /run rm -fr -- /newrun ^ permalink raw reply related [flat|nested] 10+ messages in thread
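Review bot: in the added test  if ! str_starts "$(readlink -f /bin/sh)" "/run"  the prefix has no trailing slash, so a shell resolving to any path that merely begins with the characters /run (a sibling directory, not /run itself) would also take the branch without "noexec"; compare against "/run/" instead. The two mount lines differ only in the "noexec" token, so building the option string in a variable and issuing a single mount would keep "nosuid,nodev,strictatime" from drifting apart between the branches. If readlink is missing or fails, the empty result falls into the "noexec" branch, which is worth a short comment since that is the configuration reported as unbootable.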
* Re: Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
[not found] ` <570F71FD.3020101-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
@ 2016-04-14 11:03 ` Dracut GitHub Import Bot
[not found] ` <146063178363.23619.10614635055686320261.githubbot-QUxPd85Im3zrDilwLfPoKQ@public.gmane.org>
2016-04-14 11:18 ` Guido Trentalancia
1 sibling, 1 reply; 10+ messages in thread
From: Dracut GitHub Import Bot @ 2016-04-14 11:03 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA

Patchset imported to github.
Pull request:
<https://github.com/haraldh/dracut/compare/master...dracut-mailing-devs:570F71FD.3020101%40redhat.com>
* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option
[not found] ` <146063178363.23619.10614635055686320261.githubbot-QUxPd85Im3zrDilwLfPoKQ@public.gmane.org>
@ 2016-04-14 11:46 ` Guido Trentalancia
0 siblings, 0 replies; 10+ messages in thread
From: Guido Trentalancia @ 2016-04-14 11:46 UTC (permalink / raw)
To: initramfs-u79uwXL29TY76Z2rM5mHXA; +Cc: Harald Hoyer

On Thu, 2016-04-14 at 11:03 +0000, Dracut GitHub Import Bot wrote:
> Patchset imported to github.
> Pull request:
> <https://github.com/haraldh/dracut/compare/master...dracut-mailing-de
> vs:570F71FD.3020101%40redhat.com>

As already explained, the above is broken and it won't work.

Please see message with subject "[PATCH v2] dracut: 99base: do not
mount /run with the "noexec" option" which includes a new version with
the check that you insist to include.

Regards,

Guido
* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option [not found] ` <570F71FD.3020101-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 2016-04-14 11:03 ` Dracut GitHub Import Bot @ 2016-04-14 11:18 ` Guido Trentalancia [not found] ` <1460632714.2782.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> 1 sibling, 1 reply; 10+ messages in thread From: Guido Trentalancia @ 2016-04-14 11:18 UTC (permalink / raw) To: Harald Hoyer, initramfs-u79uwXL29TY76Z2rM5mHXA Hello Harald. My reply follows the quoted text from previous messages... On gio, 2016-04-14 at 12:33 +0200, Harald Hoyer wrote: > On 12.04.2016 16:41, Guido Trentalancia wrote: > > On mar, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote: > > > Am 12.04.2016 um 16:07 schrieb Guido Trentalancia: > > > > Do not mount the /run directory with the "noexec" option, > > > > otherwise > > > > the > > > > system bootup fails (no binary can be executed, everything > > > > fails > > > > with > > > > permission denied errors). > > > > > > > > The bug was introduced in version 042 (11 Jun 2015) and affects > > > > all > > > > versions up to 044 (latest) and including git checked out on 12 > > > > Apr > > > > 2016. > > > > > > > > Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> > > > > --- > > > > modules.d/99base/init.sh | 2 +- > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > --- dracut-044/modules.d/99base/init.sh 2015-11-25 > > > > 14:22:28.000000000 +0100 > > > > +++ dracut-044-99base-init-should-mount-newrun-as- > > > > exec/modules.d/99base/init.sh 2016-04-12 > > > > 15:37:44.163185387 > > > > +0200 
> > > > @@ -64,7 +64,7 @@ fi > > > > > > > > if ! ismounted /run; then > > > > mkdir -m 0755 /newrun > > > > - mount -t tmpfs -o > > > > mode=0755,noexec,nosuid,nodev,strictatime > > > > tmpfs /newrun >/dev/null > > > > + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs > > > > /newrun >/dev/null > > > > cp -a /run/* /newrun >/dev/null 2>&1 > > > > mount --move /newrun /run > > > > rm -fr -- /newrun > > > > > > > > > > Which binary resides in /run ?? > > > > > > The whole initram filesystem binaries, including > > (/run/initramfs)/bin, > > (/run/initramfs)/sbin, (/run/initramfs)/usr/bin and > > (/run/initramfs)/usr/sbin. [...] > > The patch has been tested and it works fine. Without the patch, > > dracut > > is unusable (the system cannot be booted). [...] > I would prefer something like this. Care to check, if that solves it? No, it does NOT work. Harald, you should apply the patch I sent to you (and quoted above), unmodified in order to sort out this major bug which produces unbootable initram filesystems. > diff --git a/modules.d/99base/init.sh b/modules.d/99base/init.sh > index bd7ef70..31126d6 100755 > --- a/modules.d/99base/init.sh > +++ b/modules.d/99base/init.sh > @@ -64,7 +64,12 @@ fi > > if ! ismounted /run; then > mkdir -m 0755 /newrun > - mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime > tmpfs /newrun >/dev/null > + if ! str_starts "$(readlink -f /bin/sh)" "/run"; then > + mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime > tmpfs /newrun >/dev/null > + else > + # the initramfs is based in /run, so don't mount it with > noexec > + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs > /newrun >/dev/null > + fi > cp -a /run/* /newrun >/dev/null 2>&1 > mount --move /newrun /run > rm -fr -- /newrun Regards, Guido ^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option [not found] ` <1460632714.2782.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> @ 2016-04-14 11:30 ` Harald Hoyer [not found] ` <570F7F54.5050904-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> 0 siblings, 1 reply; 10+ messages in thread From: Harald Hoyer @ 2016-04-14 11:30 UTC (permalink / raw) To: Guido Trentalancia, initramfs-u79uwXL29TY76Z2rM5mHXA On 14.04.2016 13:18, Guido Trentalancia wrote: > Hello Harald. > > My reply follows the quoted text from previous messages... > > On gio, 2016-04-14 at 12:33 +0200, Harald Hoyer wrote: >> On 12.04.2016 16:41, Guido Trentalancia wrote: >>> On mar, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote: >>>> Am 12.04.2016 um 16:07 schrieb Guido Trentalancia: >>>>> Do not mount the /run directory with the "noexec" option, >>>>> otherwise >>>>> the >>>>> system bootup fails (no binary can be executed, everything >>>>> fails >>>>> with >>>>> permission denied errors). >>>>> >>>>> The bug was introduced in version 042 (11 Jun 2015) and affects >>>>> all >>>>> versions up to 044 (latest) and including git checked out on 12 >>>>> Apr >>>>> 2016. >>>>> >>>>> Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> >>>>> --- >>>>> modules.d/99base/init.sh | 2 +- >>>>> 1 file changed, 1 insertion(+), 1 deletion(-) >>>>> >>>>> --- dracut-044/modules.d/99base/init.sh 2015-11-25 >>>>> 14:22:28.000000000 +0100 >>>>> +++ dracut-044-99base-init-should-mount-newrun-as- >>>>> exec/modules.d/99base/init.sh 2016-04-12 >>>>> 15:37:44.163185387 >>>>> +0200 
>>>>> @@ -64,7 +64,7 @@ fi >>>>> >>>>> if ! ismounted /run; then >>>>> mkdir -m 0755 /newrun >>>>> - mount -t tmpfs -o >>>>> mode=0755,noexec,nosuid,nodev,strictatime >>>>> tmpfs /newrun >/dev/null >>>>> + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs >>>>> /newrun >/dev/null >>>>> cp -a /run/* /newrun >/dev/null 2>&1 >>>>> mount --move /newrun /run >>>>> rm -fr -- /newrun >>>>> >>>> >>>> Which binary resides in /run ?? >>> >>> >>> The whole initram filesystem binaries, including >>> (/run/initramfs)/bin, >>> (/run/initramfs)/sbin, (/run/initramfs)/usr/bin and >>> (/run/initramfs)/usr/sbin. > > [...] > >>> The patch has been tested and it works fine. Without the patch, >>> dracut >>> is unusable (the system cannot be booted). > > [...] > >> I would prefer something like this. Care to check, if that solves it? > > No, it does NOT work. > > Harald, you should apply the patch I sent to you (and quoted above), > unmodified in order to sort out this major bug which produces > unbootable initram filesystems. Well, this is a corner case. May I ask: Which distribution do you use? Which dracut version do you use? What is the output of: # lsinitrd <initramfs_image> What is the output of: # egrep . /etc/dracut.conf /etc/dracut.conf.d/*.conf /usr/lib/dracut/dracut.conf.d/*.conf ^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v2] dracut: 99base: do not mount /run with the "noexec" option [not found] ` <570F7F54.5050904-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org> @ 2016-04-14 11:41 ` Guido Trentalancia 0 siblings, 0 replies; 10+ messages in thread From: Guido Trentalancia @ 2016-04-14 11:41 UTC (permalink / raw) To: Harald Hoyer, initramfs-u79uwXL29TY76Z2rM5mHXA Hello Harald. Given that you insist, I'll help you on this... Please try the attached second version of the patch, which includes the check you like. On gio, 2016-04-14 at 13:30 +0200, Harald Hoyer wrote: > On 14.04.2016 13:18, Guido Trentalancia wrote: > > Hello Harald. > > > > My reply follows the quoted text from previous messages... > > > > On gio, 2016-04-14 at 12:33 +0200, Harald Hoyer wrote: > > > On 12.04.2016 16:41, Guido Trentalancia wrote: > > > > On mar, 2016-04-12 at 16:24 +0200, Harald Hoyer wrote: > > > > > Am 12.04.2016 um 16:07 schrieb Guido Trentalancia: > > > > > > Do not mount the /run directory with the "noexec" option, > > > > > > otherwise > > > > > > the > > > > > > system bootup fails (no binary can be executed, everything > > > > > > fails > > > > > > with > > > > > > permission denied errors). > > > > > > > > > > > > The bug was introduced in version 042 (11 Jun 2015) and > > > > > > affects > > > > > > all > > > > > > versions up to 044 (latest) and including git checked out > > > > > > on 12 > > > > > > Apr > > > > > > 2016. > > > > > > > > > > > > Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> > > > > > > --- > > > > > > modules.d/99base/init.sh | 2 +- > > > > > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > > > > > > > > > --- dracut-044/modules.d/99base/init.sh 2015-11-25 > > > > > > 14:22:28.000000000 +0100 > > > > > > +++ dracut-044-99base-init-should-mount-newrun-as- > > > > > > exec/modules.d/99base/init.sh 2016-04-12 > > > > > > 15:37:44.163185387 > > > > > > +0200 
> > > > > > @@ -64,7 +64,7 @@ fi > > > > > > > > > > > > if ! ismounted /run; then > > > > > > mkdir -m 0755 /newrun > > > > > > - mount -t tmpfs -o > > > > > > mode=0755,noexec,nosuid,nodev,strictatime > > > > > > tmpfs /newrun >/dev/null > > > > > > + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime > > > > > > tmpfs > > > > > > /newrun >/dev/null > > > > > > cp -a /run/* /newrun >/dev/null 2>&1 > > > > > > mount --move /newrun /run > > > > > > rm -fr -- /newrun Do not mount the /run directory with the "noexec" option, otherwise the system bootup fails (no binary can be executed, everything fails with permission denied errors). The bug was introduced with the following commit: commit c4184b5cf1b4892712de1370f8d2d92e5cc2e705 Author: Nikoli Date: Sat Nov 15 17:01:18 2014 +0300 and it started to affect version 042 (11 Jun 2015) and greater up and including version 044 (latest) and git checked out on 13 Apr 2016. Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> --- modules.d/99base/init.sh | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) --- dracut-042/modules.d/99base/init.sh 2016-04-14 13:34:31.594743542 +0200 +++ dracut-042-99base-init-should-mount-newrun-as-exec-v2/modules.d/99base/init.sh 2016-04-14 13:34:09.442551940 +0200 @@ -64,7 +64,12 @@ fi if ! ismounted /run; then mkdir -m 0755 /newrun - mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null + if [ `echo $(readlink -f /bin/sh) | grep "^/run/"` ]; then + mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null + else + # the initramfs is based in /run, so don't mount it with noexec + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null + fi cp -a /run/* /newrun >/dev/null 2>&1 mount --move /newrun /run rm -fr -- /newrun ^ permalink raw reply [flat|nested] 10+ messages in thread
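Review bot: the condition in the added test  if [ `echo $(readlink -f /bin/sh) | grep "^/run/"` ]  is inverted relative to the comment in the hunk: it is true when the shell resolves under /run/, yet that branch mounts with "noexec", while the else branch, commented "the initramfs is based in /run, so don't mount it with noexec", is the one reached when the shell is not under /run. Negate the test or swap the two mount lines so that "noexec" is dropped only in the /run-based case. The backtick substitution is also unquoted inside [ ], so a result containing whitespace breaks the test; using  readlink -f /bin/sh | grep -q "^/run/"  directly as the if condition avoids both the echo and the word splitting.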
* Re: [PATCH] dracut: 99base: do not mount /run with the "noexec" option [not found] ` <1460470060.3152.3.camel-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> 2016-04-12 14:24 ` Harald Hoyer @ 2016-04-12 15:07 ` Guido Trentalancia 1 sibling, 0 replies; 10+ messages in thread From: Guido Trentalancia @ 2016-04-12 15:07 UTC (permalink / raw) To: initramfs-u79uwXL29TY76Z2rM5mHXA; +Cc: harald-H+wXaHxf7aLQT0dZR+AlfA In git the bug was introduced with the following commit: commit c4184b5cf1b4892712de1370f8d2d92e5cc2e705 Date: Sat Nov 15 17:01:18 2014 +0300 Mount /dev, /dev/shm and /run noexec The patch I proposed partially reverts that in order to fix this major bug. Regards, Guido On mar, 2016-04-12 at 16:07 +0200, Guido Trentalancia wrote: > Do not mount the /run directory with the "noexec" option, otherwise > the > system bootup fails (no binary can be executed, everything fails with > permission denied errors). > > The bug was introduced in version 042 (11 Jun 2015) and affects all > versions up to 044 (latest) and including git checked out on 12 Apr > 2016. > > Signed-off-by: Guido Trentalancia <guido-D1bseh+SzQhuxeB9wqlrNw@public.gmane.org> > --- > modules.d/99base/init.sh | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > --- dracut-044/modules.d/99base/init.sh 2015-11-25 > 14:22:28.000000000 +0100 > +++ dracut-044-99base-init-should-mount-newrun-as- > exec/modules.d/99base/init.sh 2016-04-12 15:37:44.163185387 > +0200 > @@ -64,7 +64,7 @@ fi > > if ! ismounted /run; then > mkdir -m 0755 /newrun > - mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime > tmpfs /newrun >/dev/null > + mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs > /newrun >/dev/null > cp -a /run/* /newrun >/dev/null 2>&1 > mount --move /newrun /run > rm -fr -- /newrun ^ permalink raw reply [flat|nested] 10+ messages in thread