Hey,

Attaching the patch (which tries to be less intrusive with mounts, only
affecting /tmp) that I pinged on IRC for better tracking.
Tested under multiple configurations. /tmp is not mounted as tmpfs,
either at boot or after restarting a service that has PrivateTmp. Enabling
the tmp mount unit now ensures that it is started at boot, before
services that have PrivateTmp.

Cheers,
Didier


From 624f2a956a93acfd2da9132e991994c4e3218f2f Mon Sep 17 00:00:00 2001
From: Didier Roche <didro...@ubuntu.com>
Date: Thu, 19 Mar 2015 08:53:03 +0100
Subject: [PATCH] Avoid /tmp being mounted as tmpfs without the user's will

Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
an After relationship.
---
 debian/changelog                                   |  2 ++
 .../PrivateTmp-shouldn-t-require-tmpfs.patch       | 24 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 27 insertions(+)
 create mode 100644 debian/patches/PrivateTmp-shouldn-t-require-tmpfs.patch

diff --git a/debian/changelog b/debian/changelog
index 9589d09..ea22101 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,8 @@ systemd (219-5) UNRELEASED; urgency=medium
   * Add "systemd-fsckd" autopkgtest. (LP: #1427312)
   * Fix mount point detection on overlayfs and similar file systems without
     name_to_handle_at() and st_dev support. (LP: #1411140)
+  * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds
+    an After relationship.
 
   [ Martin Pitt ]
   * journald: Suppress expected cases of "Failed to set file attributes"
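Review bot: the new changelog entry (`+  * Ensure PrivateTmp doesn't require tmpfs through tmp.mount, but rather adds` / `+    an After relationship.`) describes the mechanism but not the user-visible effect, which is the point of the cover letter: units with PrivateTmp= no longer pull tmp.mount (and so a tmpfs /tmp) in, they are only ordered after it. Suggest rewording along those lines, and, since the neighbouring entries carry LP references, adding the bug reference if one is tracked for this.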
diff --git a/debian/patches/PrivateTmp-shouldn-t-require-tmpfs.patch b/debian/patches/PrivateTmp-shouldn-t-require-tmpfs.patch
new file mode 100644
index 0000000..cef5628
--- /dev/null
+++ b/debian/patches/PrivateTmp-shouldn-t-require-tmpfs.patch
@@ -0,0 +1,24 @@
+From: Didier Roche <didro...@ubuntu.com>
+Date: Wed, 18 Mar 2015 17:11:00 +0100
+Subject: PrivateTmp shouldn't require tmpfs
+
+As PrivateTmp is requiring tmp.mount, this one will mount (but only after boot)
+/tmp as tmpfs adding a Requires=tmp.mount to the unit. This change downgrades
+the requirements to an after relationship.
+---
+ src/core/unit.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: systemd-debian/src/core/unit.c
+===================================================================
+--- systemd-debian.orig/src/core/unit.c
++++ systemd-debian/src/core/unit.c
+@@ -807,7 +807,7 @@ int unit_add_exec_dependencies(Unit *u,
+                 return 0;
+ 
+         if (c->private_tmp) {
+-                r = unit_require_mounts_for(u, "/tmp");
++                r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", NULL, true);
+                 if (r < 0)
+                         return r;
+ 
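Review bot: the one-line replacement (`-                r = unit_require_mounts_for(u, "/tmp");` / `+                r = unit_add_dependency_by_name(u, UNIT_AFTER, "tmp.mount", NULL, true);`) changes two things that the patch description only half states. First, the Requires= half is dropped, so a PrivateTmp= service now starts even when tmp.mount fails or is masked, and its private /tmp is then set up on whatever is at /tmp on the root filesystem; this matches the cover letter's intent but should be spelled out in the description as a deliberate downgrade of a hard dependency. Second, a path-based lookup is replaced by a hard-coded unit name, so no ordering at all is added when /tmp is provided by something other than tmp.mount (a bind mount or a parent mount unit); a one-line comment above the new call explaining why tmp.mount is named explicitly would help the next reader. The patch header also carries From/Date/Subject but no DEP-3 Forwarded: line; since this alters upstream core behaviour, state whether it has been sent upstream.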
diff --git a/debian/patches/series b/debian/patches/series
index 0a0e482..59b3524 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -70,3 +70,4 @@ cgroup-don-t-trim-cgroup-trees-created-by-someone-el.patch
 core-mount-ensure-that-we-parse-proc-self-mountinfo.patch
 Revert-journald-allow-restarting-journald-without-lo.patch
 path_is_mount_point-handle-false-positive-on-some-fs.patch
+PrivateTmp-shouldn-t-require-tmpfs.patch
-- 
2.1.4
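
The test described in the cover letter (a PrivateTmp= service should be ordered After= tmp.mount but must not Require it) can be checked on a running system by inspecting unit properties. The script below is an added example, not part of the patch or of systemd; it parses the record format printed by `systemctl show -p Id,PrivateTmp,Requires,After UNIT...` and flags the pre-patch and post-patch relationships. The sample records and unit names are constructed, not captured from a real host.

```python
import subprocess

# Constructed sample in `systemctl show` key=value format; records for
# several units are separated by a blank line, as systemctl prints them.
SAMPLE = """\
Id=cups.service
PrivateTmp=yes
Requires=sysinit.target tmp.mount
After=sysinit.target tmp.mount network.target

Id=cron.service
PrivateTmp=yes
Requires=sysinit.target
After=sysinit.target tmp.mount

Id=ssh.service
PrivateTmp=no
Requires=sysinit.target
After=sysinit.target network.target
"""

def parse_show(text):
    """Split blank-line separated `systemctl show` records into dicts."""
    units = []
    for block in text.strip().split("\n\n"):
        props = {}
        for line in block.splitlines():
            key, _, value = line.partition("=")
            props[key] = value
        units.append(props)
    return units

def classify(units, mount="tmp.mount"):
    """Map each PrivateTmp=yes unit to its relationship with `mount`:
    'requires' = Requires= pulls the mount in (pre-patch: restarting the
    service would mount a tmpfs /tmp), 'after' = ordering only (patched
    behaviour), 'none' = no relationship at all."""
    result = {}
    for u in units:
        if u.get("PrivateTmp") != "yes":
            continue
        if mount in u.get("Requires", "").split():
            result[u["Id"]] = "requires"
        elif mount in u.get("After", "").split():
            result[u["Id"]] = "after"
        else:
            result[u["Id"]] = "none"
    return result

def classify_live(unit_names):
    """Same check against the local systemd instead of the sample."""
    cmd = ["systemctl", "show", "-p", "Id,PrivateTmp,Requires,After", *unit_names]
    out = subprocess.run(cmd, check=True, capture_output=True, text=True).stdout
    return classify(parse_show(out))

if __name__ == "__main__":
    for unit, status in classify(parse_show(SAMPLE)).items():
        print(f"{unit}: {status}")
```

Run `classify_live(["cups.service"])` before and after installing the patched package to confirm the relationship drops from `requires` to `after`.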

_______________________________________________
Pkg-systemd-maintainers mailing list
pkg-systemd-maintain...@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers