[lxc-devel] [lxc/master] fix download template for /tmp as tmpfs or noexec
itoffshore on Github
lxc-bot at linuxcontainers.org
Sun Feb 25 12:24:00 UTC 2018
From 720c35be9471730dacadd1555bea24af2d180115 Mon Sep 17 00:00:00 2001
From: Stuart Cardall <developer at it-offshore.co.uk>
Date: Sun, 25 Feb 2018 11:50:13 +0000
Subject: [PATCH] fix download template for /tmp as tmpfs or noexec
* prepend $LXC_PATH to $DOWNLOAD_TEMP on systems with /tmp mounted
securely as a small tmpfs / noexec
* gpg_setup() creates $DOWNLOAD_TEMP so remove superfluous mkdir
* fixes https://github.com/lxc/lxc/issues/516
Signed-off-by: Stuart Cardall <developer at it-offshore.co.uk>
---
templates/lxc-download.in | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/templates/lxc-download.in b/templates/lxc-download.in
index 490552138..b627991ab 100644
--- a/templates/lxc-download.in
+++ b/templates/lxc-download.in
@@ -311,11 +311,15 @@ fi
# Trap all exit signals
trap cleanup EXIT HUP INT TERM
+# /tmp may be mounted in tmpfs or noexec
+if grep -qw '/tmp' /proc/mounts; then
+ DOWNLOAD_TEMP="${LXC_PATH}"
+fi
+
if ! command -V mktemp >/dev/null 2>&1; then
- DOWNLOAD_TEMP=/tmp/lxc-download.$$
- mkdir -p "${DOWNLOAD_TEMP}"
+ DOWNLOAD_TEMP=$DOWNLOAD_TEMP/tmp/lxc-download.$$
else
- DOWNLOAD_TEMP=$(mktemp -d)
+ DOWNLOAD_TEMP=$DOWNLOAD_TEMP$(mktemp -d)
fi
# Simply list images
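Review bot: in the else branch, `DOWNLOAD_TEMP=$DOWNLOAD_TEMP$(mktemp -d)` still has mktemp create its directory under the default temporary location, then prepends `${LXC_PATH}` to that name. The directory that was created atomically is left behind unused, and the path actually used (something like `${LXC_PATH}/tmp/tmp.XXXXXX`) has to be created later by a separate, non-atomic step. Passing the location to mktemp as a template, for example `mktemp -d "${LXC_PATH}/lxc-download.XXXXXX"`, would keep the atomic, private creation and avoid the stray directory. Two smaller points on the same hunk: `grep -qw '/tmp' /proc/mounts` matches any mount line containing `/tmp` as a word, including a mount below `/tmp`, and never looks at the filesystem type or the `noexec` option the comment mentions; and when the grep does not match, `DOWNLOAD_TEMP` is used as a prefix without being set in the visible lines, so unless it is initialised earlier in the file, a value inherited from the environment would be prepended. The fallback branch also keeps the predictable `lxc-download.$$` name while dropping the `mkdir -p`, so it is worth confirming that the later creation fails if the path already exists.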