Package: grml-debootstrap
Version: 0.103
Severity: important

Dear Maintainer,

* What led up to the situation?

    export DPKG_FORCE="breaks"

(Just necessary with grml-debootstrap, manually, you have to run dpkg -i 2 or 3 times to resolve it correctly)

Bootstrapping Debian 12 with the following packages in config/extrapackages/:

    cryptsetup_2%3a2.6.1-4~deb12u2_amd64.deb
    cryptsetup-initramfs_2%3a2.6.1-4~deb12u2_all.deb
    libnss-systemd_254.22-1~bpo12+1_amd64.deb
    libpam-systemd_254.22-1~bpo12+1_amd64.deb
    libsystemd0_254.22-1~bpo12+1_amd64.deb
    libsystemd-shared_254.22-1~bpo12+1_amd64.deb
    libudev1_254.22-1~bpo12+1_amd64.deb
    systemd_254.22-1~bpo12+1_amd64.deb
    systemd-boot-efi_254.22-1~bpo12+1_amd64.deb
    systemd-dev_254.22-1~bpo12+1_all.deb
    systemd-resolved_254.22-1~bpo12+1_amd64.deb
    udev_254.22-1~bpo12+1_amd64.deb

Relevant groups on the host:

    systemd-resolve:x:104:
    kvm:x:124:

Relevant groups on the bootstrapped system:

    systemd-resolve:x:997:
    kvm:x:104:

* What was the outcome of this action?

Modified ownership on the host in /dev:

    crw-rw---- root systemd-resolve /dev/kvm
    crw-rw---- root systemd-resolve /dev/vhost-net
    crw-rw---- root systemd-resolve /dev/vhost-vsock

* What outcome did you expect instead?

An unmodified host system.

The issue was that the package udev was modifying the files in chroot during the setup and obviously, any package could do that but it should not modify the host system, which in the worst case could crash the host system.

This is caused by mounting rw in line 2016:

    mount -t devtmpfs udev "${MNTPOINT}"/dev

which then allows files in /dev to be modified in the chroot.

Therefore it would be good to mount "${MNTPOINT}"/dev read-only, e.g.:

    mount -t devtmpfs udev "${MNTPOINT}"/dev -o ro

I also verified the upstream version, which has no change in this matter.

A test run with "${MNTPOINT}"/dev mounted read-only was successful.

Best regards,
Wolf

-- System Information:
Debian Release: 12.11
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.30+bpo-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages grml-debootstrap depends on:
ii  cdebootstrap            0.7.8+b31
ii  debian-archive-keyring  2023.3+deb12u2
ii  debootstrap             1.0.141~bpo12+1
ii  e2fsprogs               1.47.2~rc1-2~bpo12+2
ii  fdisk                   2.38.1-5+deb12u3
ii  gawk                    1:5.2.1-2
ii  kmod                    30+20221128-1
ii  util-linux              2.38.1-5+deb12u3

Versions of packages grml-debootstrap recommends:
ii  dialog      1.3-20230209-1
ii  kpartx      0.9.4-3+deb12u1
ii  parted      3.5-3
ii  qemu-utils  1:10.0.0+ds-2~bpo12+2

grml-debootstrap suggests no packages.

-- no debconf information
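
Added example, not part of the bug report and not grml-debootstrap code: a host-side check for the condition described above. It lists writable devtmpfs mounts other than the host's own /dev, and compares two ownership snapshots of /dev taken before and after a bootstrap run. The function names, the /mnt/target path (standing in for ${MNTPOINT}) and all sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a host for the writable-devtmpfs condition in this report.
# Mount input uses /proc/self/mounts format: device mountpoint fstype options dump pass

# Constructed sample; /mnt/target stands in for ${MNTPOINT}.
SAMPLE_MOUNTS='udev /dev devtmpfs rw,nosuid,relatime,size=8123456k,mode=755 0 0
/dev/sda2 /mnt/target ext4 rw,relatime 0 0
udev /mnt/target/dev devtmpfs rw,relatime,size=8123456k,mode=755 0 0
proc /mnt/target/proc proc rw,relatime 0 0
udev /mnt/other/dev devtmpfs ro,relatime,size=8123456k,mode=755 0 0'

# Read mount lines on stdin and print every devtmpfs mount point, other than
# the host /dev, that is writable. devtmpfs is one shared instance, so a
# chown or chmod through such a mount changes the host's device nodes too.
writable_devtmpfs_mounts() {
    awk '$3 == "devtmpfs" && $2 != "/dev" {
        n = split($4, opts, ",")
        for (i = 1; i <= n; i++)
            if (opts[i] == "rw") { print $2; break }
    }'
}

# Write "gid path" for each character device directly under directory $1.
# Uses GNU find and stat, as shipped on Debian.
snapshot_dev_groups() {
    find "$1" -maxdepth 1 -type c -exec stat -c '%g %n' {} + | sort -k2
}

# Compare two snapshot files ($1 = before, $2 = after) and print every
# device node whose owning group id changed in between.
changed_groups() {
    awk 'NR == FNR { gid[$2] = $1; next }
         ($2 in gid) && gid[$2] != $1 {
             print $2 ": gid " gid[$2] " -> " $1
         }' "$1" "$2"
}

# Demonstration on the constructed sample; on a live host, feed
# /proc/self/mounts to the function instead.
printf '%s\n' "$SAMPLE_MOUNTS" | writable_devtmpfs_mounts
```

On a real host, run snapshot_dev_groups /dev into a file before and after the bootstrap and pass both files to changed_groups.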