[gentoo-commits] proj/catalyst:2.X commit in: modules/ - gentoo-commits

From:	Brian Dolbec <brian.dolbec@×××××.com>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] proj/catalyst:2.X commit in: modules/
Date:	Wed, 01 Jan 2014 22:03:57
Message-Id:	`1388613791.e1dffd789f91235190b12f78edb5d1e262affb27.dol-sen@gentoo`

1

commit:     e1dffd789f91235190b12f78edb5d1e262affb27

2

Author:     Douglas Freed <dwfreed <AT> mtu <DOT> edu>

3

AuthorDate: Wed Jan  1 21:18:22 2014 +0000

4

Commit:     Brian Dolbec <brian.dolbec <AT> gmail <DOT> com>

5

CommitDate: Wed Jan  1 22:03:11 2014 +0000

6

URL:        http://git.overlays.gentoo.org/gitweb/?p=proj/catalyst.git;a=commit;h=e1dffd78

7

8

Mount /dev/shm in the chroot with the right options

9

10

Bind mounting /dev/shm into the chroot isn't a good idea, as there may

11

be collisions and result in weird side effects.  Instead, we can just

12

mount a new tmpfs there, with the right options to ensure security.

13

14

---

15

 modules/generic_stage_target.py | 9 ++++++---

16

 1 file changed, 6 insertions(+), 3 deletions(-)

17

18

diff --git a/modules/generic_stage_target.py b/modules/generic_stage_target.py

19

index 9edafe9..37d1fa1 100644

20

--- a/modules/generic_stage_target.py

21

+++ b/modules/generic_stage_target.py

22

@@ -179,13 +179,13 @@ class generic_stage_target(generic_target):

23

 			self.mountmap={"/proc":"/proc","/dev":"/dev","/dev/pts":"/dev/pts",\

24

 				"/usr/portage":self.settings["snapshot_cache_path"]+"/portage",\

25

 				"/usr/portage/distfiles":self.settings["distdir"],"/var/tmp/portage":"tmpfs",

26

-				"/dev/shm": "/dev/shm"}

27

+				"/dev/shm": "shmfs"}

28

 		else:

29

 			self.mounts=["/proc", "/dev", "/usr/portage/distfiles",

30

 				"/var/tmp/portage"]

31

 			self.mountmap={"/proc":"/proc","/dev":"/dev","/dev/pts":"/dev/pts",\

32

 				"/usr/portage/distfiles":self.settings["distdir"],"/var/tmp/portage":"tmpfs",

33

-				"/dev/shm": "/dev/shm"}

34

+				"/dev/shm": "shmfs"}

35

 		if os.uname()[0] == "Linux":

36

 			self.mounts.append("/dev/pts")

37

 			self.mounts.append("/dev/shm")

38

@@ -904,7 +904,7 @@ class generic_stage_target(generic_target):

39

 				os.makedirs(self.settings["chroot_path"]+x,0755)

40

41

 			if not os.path.exists(self.mountmap[x]):

42

-				if not self.mountmap[x] == "tmpfs":

43

+				if self.mountmap[x] != "tmpfs" and self.mountmap[x] != "shmfs":

44

 					os.makedirs(self.mountmap[x],0755)

45

46

 			src=self.mountmap[x]

47

@@ -923,6 +923,9 @@ class generic_stage_target(generic_target):

48

 						retval=os.system("mount -t tmpfs -o size="+\

49

 							self.settings["var_tmpfs_portage"]+"G "+src+" "+\

50

 							self.settings["chroot_path"]+x)

51

+				elif src == "shmfs":

52

+					retval=os.system("mount -t tmpfs -o noexec,nosuid,nodev shm "+\

53

+						self.settings["chroot_path"]+x)

54

 				else:

55

 					retval=os.system("mount --bind "+src+" "+\

56

 						self.settings["chroot_path"]+x)

1	commit: e1dffd789f91235190b12f78edb5d1e262affb27
2	Author: Douglas Freed <dwfreed <AT> mtu <DOT> edu>
3	AuthorDate: Wed Jan 1 21:18:22 2014 +0000
4	Commit: Brian Dolbec <brian.dolbec <AT> gmail <DOT> com>
5	CommitDate: Wed Jan 1 22:03:11 2014 +0000
6	URL: http://git.overlays.gentoo.org/gitweb/?p=proj/catalyst.git;a=commit;h=e1dffd78
7
8	Mount /dev/shm in the chroot with the right options
9
10	Bind mounting /dev/shm into the chroot isn't a good idea, as there may
11	be collisions and result in weird side effects. Instead, we can just
12	mount a new tmpfs there, with the right options to ensure security.
13
14	---
15	modules/generic_stage_target.py \| 9 ++++++---
16	1 file changed, 6 insertions(+), 3 deletions(-)
17
18	diff --git a/modules/generic_stage_target.py b/modules/generic_stage_target.py
19	index 9edafe9..37d1fa1 100644
20	--- a/modules/generic_stage_target.py
21	+++ b/modules/generic_stage_target.py
22	@@ -179,13 +179,13 @@ class generic_stage_target(generic_target):
23	self.mountmap={"/proc":"/proc","/dev":"/dev","/dev/pts":"/dev/pts",\
24	"/usr/portage":self.settings["snapshot_cache_path"]+"/portage",\
25	"/usr/portage/distfiles":self.settings["distdir"],"/var/tmp/portage":"tmpfs",
26	- "/dev/shm": "/dev/shm"}
27	+ "/dev/shm": "shmfs"}
28	else:
29	self.mounts=["/proc", "/dev", "/usr/portage/distfiles",
30	"/var/tmp/portage"]
31	self.mountmap={"/proc":"/proc","/dev":"/dev","/dev/pts":"/dev/pts",\
32	"/usr/portage/distfiles":self.settings["distdir"],"/var/tmp/portage":"tmpfs",
33	- "/dev/shm": "/dev/shm"}
34	+ "/dev/shm": "shmfs"}
35	if os.uname()[0] == "Linux":
36	self.mounts.append("/dev/pts")
37	self.mounts.append("/dev/shm")
38	@@ -904,7 +904,7 @@ class generic_stage_target(generic_target):
39	os.makedirs(self.settings["chroot_path"]+x,0755)
40
41	if not os.path.exists(self.mountmap[x]):
42	- if not self.mountmap[x] == "tmpfs":
43	+ if self.mountmap[x] != "tmpfs" and self.mountmap[x] != "shmfs":
44	os.makedirs(self.mountmap[x],0755)
45
46	src=self.mountmap[x]
47	@@ -923,6 +923,9 @@ class generic_stage_target(generic_target):
48	retval=os.system("mount -t tmpfs -o size="+\
49	self.settings["var_tmpfs_portage"]+"G "+src+" "+\
50	self.settings["chroot_path"]+x)
51	+ elif src == "shmfs":
52	+ retval=os.system("mount -t tmpfs -o noexec,nosuid,nodev shm "+\
53	+ self.settings["chroot_path"]+x)
54	else:
55	retval=os.system("mount --bind "+src+" "+\
56	self.settings["chroot_path"]+x)

Gentoo Archives: gentoo-commits