tag 542915 +patch usertags 542915 -in-progress +patch-in-git thanks Attached is my minimal patch solving the problem of data loss in bind-mounted directories. It provides a safety net that, in the event that *anything* is still mounted inside the chroot, no attempt to delete anything will be made. Whilst this may, in some corner cases, result in failure to cleanup a chroot when previously (most) things would have been deleted, it should never effect most users.
I've exercised this patch in every way I can think of (bind-mounting things left and right, regular mounts, symlinks to mounts, etc) and I haven't been able to get it to actually delete anything any more. Jakub, I'd appreciate it if you would be able to apply the patch to your local pbuilder installation (it should go onto pbuilder-modulers in-situ, without a need for a rebuild) and see if you can find any ways to break it. - Matt
>From b13d3b8a9757da6bd84fd374b7948919fff1df80 Mon Sep 17 00:00:00 2001 From: Matt Palmer <mpal...@hezmatt.org> Date: Wed, 15 Dec 2010 07:21:00 +1100 Subject: [PATCH] Ensure that nothing is still mounted before deleting the build chroot. Closes: #542915 Whilst pbuilder is quite careful to minimise the risk of accidental data removal (with find -xdev, unmounting everything it mounts, etc), there is one case that it doesn't handle -- directories on the same filesystem as the chroot being bind-mounted into the chroot, because -xdev doesn't recognise the mount as a separate filesystem and pbuilder doesn't know to unmount it because it didn't mount it in the first place. This patch acts as a final safety net, to avoid attempting to delete anything if there is anything at all still mounted in the chroot. --- pbuilder-modules | 20 +++++++++++++++++--- 1 files changed, 17 insertions(+), 3 deletions(-) diff --git a/pbuilder-modules b/pbuilder-modules index db6988b..8e23cdb 100644 --- a/pbuilder-modules +++ b/pbuilder-modules @@ -319,9 +319,23 @@ function cleanbuildplace () { log "W: Aborting with an error"; fi if [ "${INTERNAL_BUILD_UML}" != "yes" ]; then - if [ -d "$BUILDPLACE" ]; then - log "I: cleaning the build env " - clean_subdirectories "$BUILDPLACE" + if [ -d "$BUILDPLACE" ]; then + # A directory on the same partition as $BUILDPLACE, bind-mounted + # into $BUILDPLACE, will be cleaned out by clean_subdirectories + # (because -xdev doesn't know about bind mounts). To avoid that + # potential disaster (and also to avoid ugly error messages from + # rmdir otherwise), we want to make sure that there is *nothing* + # mounted under the chroot before we do our bulldozer routine. + # + # The readlink -f is a simple way to canonicalize the path for + # $BUILDPLACE (no dirty double slashes for *us*), so it matches + # what will be in the output of mount. + if mount |grep -q $(readlink -f $BUILDPLACE)/; then + log "E: Something is still mounted under ${BUILDPLACE}; unmount and remove ${BUILDPLACE} manually" + else + log "I: cleaning the build env " + clean_subdirectories "$BUILDPLACE" + fi fi; fi } -- 1.5.6.5