My workaround uses a dedicated directory for apt that is noexec as well but becomes temporally during installs:
/etc/fstab: tmpfs /tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777,size=512M 0 0 tmpfs /var/tmp/apt tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777,size=512M 0 0 /etc/apt/apt.conf.d/71tmpapt (or whatever): DPkg { Pre-Invoke { "mount /var/tmp/apt -o remount,exec" }; Post-Invoke { "mount /var/tmp/apt -o remount,noexec" }; }; APT::ExtractTemplates::TempDir "/var/tmp/apt"; Since the mount point must(?) exist for any mount point specified in /etc/fstab I put the apt dir into /var/tmp because its contents are persistent (unlike /tmp's). It's not very throughly tested yet... ymmv. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to debconf in Ubuntu. https://bugs.launchpad.net/bugs/90085 Title: When /tmp is mounted noexec, preconfigure fails Status in debconf package in Ubuntu: Triaged Status in debconf package in Debian: Confirmed Bug description: Binary package hint: mysql-server /tmp mounted noexec, this ensues: Preconfiguring packages ... Can't exec "/tmp/mysql-server-5.0.config.89611": Permission denied at /usr/share/perl/5.8/IPC/Open3.pm line 168. open2: exec of /tmp/mysql-server-5.0.config.89611 configure failed at /usr/share/perl5/Debconf/ConfModule.pm line 57 mysql-server-5.0 failed to preconfigure, with exit status 2 ace To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/debconf/+bug/90085/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp