authorRobin H. Johnson <robbat2@gentoo.org>2015-02-26 17:58:22 -0800
committerWilliam Hubbs <w.d.hubbs@gmail.com>2015-02-27 10:14:44 -0600
commit7bbb73574b44972b0c1b364e24f71623068d7a1c (patch)
tree2125d6ea51f68cb320c300bc912bb5292e27ceea /init.d
parenta0378f38713e630e1af9101c2ece5d27ca2130fe (diff)
bootmisc: clean_run safety improvements.
If /tmp or / are read-only, the clean_run function can fail in some very bad ways. 1. dir=$(mktemp -d) returns an EMPTY string on error. 2. "mount -o bind / $dir", and don't check the result of that, 3. "rm -rf $dir/run/*", which removes the REAL /run contents 4. box gets very weird from this point forward Signed-Off-By: Robin H. Johnson <robbat2@gentoo.org> Signed-Off-By: Chip Parker <infowolfe@gmail.com> Reported-by: Chip Parker <infowolfe@gmail.com> Tested-by: Chip Parker <infowolfe@gmail.com>
Diffstat (limited to 'init.d')
-rw-r--r--init.d/bootmisc.in29
1 files changed, 25 insertions, 4 deletions
diff --git a/init.d/bootmisc.in b/init.d/bootmisc.in
index 2ec075f3..dbd258e8 100644
--- a/init.d/bootmisc.in
+++ b/init.d/bootmisc.in
@@ -119,11 +119,32 @@ clean_run()
{
[ "$RC_SYS" = VSERVER -o "$RC_SYS" = LXC ] && return 0
local dir
+ # If / is still read-only due to a problem, this will fail!
+ if ! checkpath -W /; then
+ eerror "/ is not writable; unable to clean up underlying /run"
+ return 1
+ fi
+ if ! checkpath -W /tmp; then
+ eerror "/tmp is not writable; unable to clean up underlying /run"
+ return 1
+ fi
+ # Now we know that we can modify /tmp and /
+ # if mktemp -d fails, it returns an EMPTY string
+ # STDERR: mktemp: failed to create directory via template ‘/tmp/tmp.XXXXXXXXXX’: Read-only file system
+ # STDOUT: ''
+ rc=0
dir=$(mktemp -d)
- mount --bind / $dir
- rm -rf $dir/run/*
- umount $dir
- rm -rf $dir
+ if [ -n "$dir" -a -d $dir -a -w $dir ]; then
+ mount --bind / $dir && rm -rf $dir/run/* || rc=1
+ umount $dir
+ rm -rf $dir
+ else
+ rc=1
+ fi
+ if [ $rc -ne 0 ]; then
+ eerror "Could not clean up underlying /run on /"
+ return 1
+ fi
}
start()
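Review bot: The `rm -rf $dir` that follows `umount $dir` in the new `if` branch runs even when the unmount fails, and in that case `$dir` is still a bind mount of `/`, so the recursive delete would descend into the real root filesystem. Make the removal conditional on a successful unmount and non-recursive, for example `umount $dir && rmdir $dir || rc=1`, so a busy mount leaves only the mount point behind and is reported through the existing `eerror` path. Separately, `rc` is assigned without being declared; changing the existing declaration to `local dir rc` keeps it from leaking into the rest of the init script.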