| 1 |
On Wed, Jan 01, 2014 at 09:18:22PM +0000, Douglas Freed wrote: |
| 2 |
> Bind mounting /dev/shm into the chroot isn't a good idea, as there may |
| 3 |
> be collisions and result in weird side effects. Instead, we can just |
| 4 |
> mount a new tmpfs there, with the right options to ensure security. |
| 5 |
> --- |
| 6 |
> modules/generic_stage_target.py | 9 ++++++--- |
| 7 |
> 1 file changed, 6 insertions(+), 3 deletions(-) |
| 8 |
> |
| 9 |
> diff --git a/modules/generic_stage_target.py b/modules/generic_stage_target.py |
| 10 |
> index 9edafe9..10b367d 100644 |
| 11 |
> --- a/modules/generic_stage_target.py |
| 12 |
> +++ b/modules/generic_stage_target.py |
| 13 |
> @@ -179,13 +179,13 @@ class generic_stage_target(generic_target): |
| 14 |
> self.mountmap={"/proc":"/proc","/dev":"/dev","/dev/pts":"/dev/pts",\ |
| 15 |
> "/usr/portage":self.settings["snapshot_cache_path"]+"/portage",\ |
| 16 |
> "/usr/portage/distfiles":self.settings["distdir"],"/var/tmp/portage":"tmpfs", |
| 17 |
> - "/dev/shm": "/dev/shm"} |
| 18 |
> + "/dev/shm": "shmfs"} |
| 19 |
> else: |
| 20 |
> self.mounts=["/proc", "/dev", "/usr/portage/distfiles", |
| 21 |
> "/var/tmp/portage"] |
| 22 |
> self.mountmap={"/proc":"/proc","/dev":"/dev","/dev/pts":"/dev/pts",\ |
| 23 |
> "/usr/portage/distfiles":self.settings["distdir"],"/var/tmp/portage":"tmpfs", |
| 24 |
> - "/dev/shm": "/dev/shm"} |
| 25 |
> + "/dev/shm": "shmfs"} |
| 26 |
> if os.uname()[0] == "Linux": |
| 27 |
> self.mounts.append("/dev/pts") |
| 28 |
> self.mounts.append("/dev/shm") |
| 29 |
> @@ -904,7 +904,7 @@ class generic_stage_target(generic_target): |
| 30 |
> os.makedirs(self.settings["chroot_path"]+x,0755) |
| 31 |
> |
| 32 |
> if not os.path.exists(self.mountmap[x]): |
| 33 |
> - if not self.mountmap[x] == "tmpfs": |
| 34 |
> + if self.mountmap[x] != "tmpfs" and self.mountmap[x] != "shmfs": |
| 35 |
> os.makedirs(self.mountmap[x],0755) |
| 36 |
> |
| 37 |
> src=self.mountmap[x] |
| 38 |
> @@ -923,6 +923,9 @@ class generic_stage_target(generic_target): |
| 39 |
> retval=os.system("mount -t tmpfs -o size="+\ |
| 40 |
> self.settings["var_tmpfs_portage"]+"G "+src+" "+\ |
| 41 |
> self.settings["chroot_path"]+x) |
| 42 |
> + else if src == "shmfs": |
| 43 |
> + retval=os.system("mount -t tmpfs -o noexec,nosuid,nodev shm "+\ |
| 44 |
> + self.settings["chroot_path"]+x) |
| 45 |
> else: |
| 46 |
> retval=os.system("mount --bind "+src+" "+\ |
| 47 |
> self.settings["chroot_path"]+x) |
| 48 |
|
| 49 |
Looks good enough to me. Are we forward-porting this onto blueness' |
| 50 |
pending patch? |
| 51 |
|
| 52 |
I'll wait until more of the pending branch has been absorbed into |
| 53 |
master before working up a more thorough patch to support |
| 54 |
user-configurable: |
| 55 |
|
| 56 |
* '--bind $SOURCE' vs. '--rbind $SOURCE' vs. '-t $TYPE' |
| 57 |
* '-o $OPTIONS' |
| 58 |
|
| 59 |
Which will take care of my --rbind goals [1] in a more flexible way. |
| 60 |
|
| 61 |
Cheers, |
| 62 |
Trevor |
| 63 |
|
| 64 |
[1]: http://mid.gmane.org/20140101185335.GK29195@××××××××××××.us |
| 65 |
|
| 66 |
-- |
| 67 |
This email may be signed or encrypted with GnuPG (http://www.gnupg.org). |
| 68 |
For more information, see http://en.wikipedia.org/wiki/Pretty_Good_Privacy |
Archives