The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2187

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
* prepend `$LXC_PATH` to `$DOWNLOAD_TEMP` on systems with `/tmp` mounted securely as a small `tmpfs` / `noexec`
* `gpg_setup()` creates `$DOWNLOAD_TEMP` so remove superfluous `mkdir`
* fixes https://github.com/lxc/lxc/issues/516
From 720c35be9471730dacadd1555bea24af2d180115 Mon Sep 17 00:00:00 2001 From: Stuart Cardall <[email protected]> Date: Sun, 25 Feb 2018 11:50:13 +0000 Subject: [PATCH] fix download template for /tmp as tmpfs or noexec * prepend $LXC_PATH to $DOWNLOAD_TEMP on systems with /tmp mounted securely as a small tmpfs / noexec * gpg_setup() creates $DOWNLOAD_TEMP so remove superflous mkdir * fixes https://github.com/lxc/lxc/issues/516 Signed-off-by: Stuart Cardall <[email protected]> --- templates/lxc-download.in | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/templates/lxc-download.in b/templates/lxc-download.in index 490552138..b627991ab 100644 --- a/templates/lxc-download.in +++ b/templates/lxc-download.in @@ -311,11 +311,15 @@ fi # Trap all exit signals trap cleanup EXIT HUP INT TERM +# /tmp may be mounted in tmpfs or noexec +if grep -qw '/tmp' /proc/mounts; then + DOWNLOAD_TEMP="${LXC_PATH}" +fi + if ! command -V mktemp >/dev/null 2>&1; then - DOWNLOAD_TEMP=/tmp/lxc-download.$$ - mkdir -p "${DOWNLOAD_TEMP}" + DOWNLOAD_TEMP=$DOWNLOAD_TEMP/tmp/lxc-download.$$ else - DOWNLOAD_TEMP=$(mktemp -d) + DOWNLOAD_TEMP=$DOWNLOAD_TEMP$(mktemp -d) fi # Simply list images
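Review bot: In the `else` branch, `DOWNLOAD_TEMP=$DOWNLOAD_TEMP$(mktemp -d)` still lets `mktemp -d` create its directory in the default temp location and only then prepends `${LXC_PATH}` to the printed path. The directory that was created atomically with a random name is left behind unused, and the path stored in `DOWNLOAD_TEMP` is one that nothing in this hunk creates. Passing a template makes mktemp create the directory where it is wanted and keeps those properties, for example `DOWNLOAD_TEMP=$(mktemp -d "${LXC_PATH}/lxc-download.XXXXXX")`. The `grep -qw '/tmp' /proc/mounts` test also matches any mount entry that contains `/tmp` as a word, such as a mount below `/tmp`, and never looks at the filesystem type or the `noexec` option that the comment names. Comparing the mount-point field exactly and checking its options would match the stated intent. In the fallback branch the `mkdir -p` is dropped while the name `lxc-download.$$` stays predictable, so the code that creates it later should refuse to proceed if the path already exists.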
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
