Bug#806273: Patch for disabling kernel mounts when grub-mount is available

[Emmanuel Kasper]

The included patch disables read_only mounts when grub-mount is available.

This patch should also fix #788062 and #648208, which I presume are the
same bug.

According to https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=701814#57
it seems that the fallback for kernel mounts were mostly added as a
"conservative fallback".

Actually this conservative fallback can lead to data corruption as shown
in #788062 and #648208 and  when a failed grub-mount will be succeeded
by the attempt of a readonly

I am looking forward for comments about the patch since the bug is
release critical and goes back as far as 2011.


>From 58c2cbf7660e93f52e43bdf076a5db9bc95d9889 Mon Sep 17 00:00:00 2001
From: Emmanuel Kasper <e.kas...@proxmox.com>
Date: Tue, 15 Nov 2016 14:52:23 +0100
Subject: [PATCH] do not mount partitions via 'mount' if grub-mount fails on a
 block device closes: #806273, #788602

kernel read-only 'mount' via ro_partition causes data loss if the block device
is actually mounted outside our environement (for example via iscsi, or
a virtual machine)

since grub-mount has now support for all the filesystems needed in os-probes/mounted,
(with the execption of QNX) it is assumed to be safe to disable kernel read-only
mounts except for the case where grub-mount is not available
---
 debian/control                   |  2 +-
 os-probes/common/50mounted-tests | 17 +++++++++--------
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/debian/control b/debian/control
index 10459bd..00c4a63 100644
--- a/debian/control
+++ b/debian/control
@@ -22,7 +22,7 @@ Package: os-prober
 Architecture: any
 Section: utils
 Priority: extra
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common [i386 amd64 powerpc ppc64 ppc64el sparc mipsel kfreebsd-i386 kfreebsd-amd64]
 Description: utility to detect other OSes on a set of drives
  This package detects other OSes available on a system and outputs the
  results in a generic machine-readable format.
diff --git a/os-probes/common/50mounted-tests b/os-probes/common/50mounted-tests
index 561163b..f1e35c1 100755
--- a/os-probes/common/50mounted-tests
+++ b/os-probes/common/50mounted-tests
@@ -47,15 +47,16 @@ fi
 
 mounted=
 if type grub-mount >/dev/null 2>&1 && \
-   type grub-probe >/dev/null 2>&1 && \
-   grub-mount "$partition" "$tmpmnt" 2>/dev/null; then
-	mounted=1
-	type="$(grub-probe -d "$partition" -t fs)" || true
-	if [ "$type" ]; then
-		debug "mounted using GRUB $type filesystem driver"
-	else
-		debug "mounted using GRUB, but unknown filesystem?"
+   type grub-probe >/dev/null 2>&1; then
+	if grub-mount "$partition" "$tmpmnt" 2>/dev/null; then
+		mounted=1
+		type="$(grub-probe -d "$partition" -t fs)" || true
+		if [ "$type" ]; then
+			debug "mounted using GRUB $type filesystem driver"
+		else
+			debug "mounted using GRUB, but unknown filesystem?"
 		type=fuseblk
+		fi
 	fi
 else
 	ro_partition "$partition"
-- 
2.1.4