setup-disk: fix running update-extlinux in chroot

When installling the packages in new root, the update-extlinux trigger script will be executed. We make sure this does not fail by: - run extlinux --install before we install packages - mount /dev and /proc for the chroot - temprorary disable grsecurity's chroot_caps

setup-disk: fix running update-extlinux in chroot
When installling the packages in new root, the update-extlinux trigger script will be executed. We make sure this does not fail by: - run extlinux --install before we install packages - mount /dev and /proc for the chroot - temprorary disable grsecurity's chroot_caps
c9533d0e · Natanael Copa · 762c6558 · c9533d0e
Commit c9533d0e authored Oct 02, 2013 by Natanael Copa
Hide whitespace changes
Inline Side-by-side

Showing with 34 additions and 5 deletions

setup-disk.in setup-disk.in +34 -5

No files found.
--- a/setup-disk.in
+++ b/setup-disk.in
@@ -160,6 +160,31 @@ find_pvs_in_vg() {
 	pvs --noheadings | awk "\$2 == \"$vg\" {print \$1}"
 }

+# echo current grsecurity option and set new
+set_grsec() {
+	local key="$1" value="$2"
+	if ! [ -e /proc/sys/kernel/grsecurity/$key ]; then
+		return 0
+	fi
+	cat /proc/sys/kernel/grsecurity/$key
+	echo $value > /proc/sys/kernel/grsecurity/$key
+}
+
+init_chroot_mounts() {
+	local mnt="$1" i=
+	for i in proc dev; do
+		mkdir -p "$mnt"/$i
+		mount --bind /$i "$mnt"/$i
+	done
+}
+
+cleanup_chroot_mounts() {
+	local mnt="$1" i=
+	for i in proc dev; do
+		umount "$mnt"/$i
+	done
+}
+
 install_mounted_root() {
 	local mnt="$1" mnt_boot= boot_fs= root_fs=
 	local initfs_features="ata base ide scsi usb virtio"
@@ -266,15 +291,15 @@ install_mounted_root() {
 /dev/fd0	/media/floppy	vfat	noauto	0 0
 /dev/usbdisk	/media/usb	vfat	noauto	0 0
 EOF
-
 	# remove the installed db in case its there so we force re-install
 	rm -f "$mnt"/var/lib/apk/installed "$mnt"/lib/apk/db/installed
 	echo "Installing system on $rootdev:"
+	extlinux $extlinux_raidopt --install "$mnt"/boot
+
 	# apk reads config from target root so we need to copy the config
 	mkdir -p "$mnt"/etc/apk/keys/
 	cp /etc/apk/keys/* "$mnt"/etc/apk/keys/

-
 	local apkflags="--initdb --quiet --progress --update-cache --clean-protected"
 	local pkgs=$(cat "$mnt"/etc/apk/world "$mnt"/var/lib/apk/world 2>/dev/null)
 	pkgs="$pkgs acct linux-$KERNEL_FLAVOR alpine-base"
@@ -287,10 +312,14 @@ EOF
 		repoflags="$repoflags --repository $i"
 	done
 	
+	chroot_caps=$(set_grsec chroot_caps 0)
+	init_chroot_mounts "$mnt"
 	apk add --root "$mnt" $apkflags --overlay-from-stdin \
-		$repoflags $pkgs <$ovlfiles>/dev/null || return 1
-	echo ""
-	extlinux $extlinux_raidopt --install "$mnt"/boot
+		$repoflags $pkgs <$ovlfiles>/dev/null
+	local ret=$?
+	cleanup_chroot_mounts "$mnt"
+	set_grsec chroot_caps $chroot_caps > /dev/null
+	return $ret
 }

 unmount_partitions() {