** Information type changed from Private Security to Public Security

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to python-apt in Ubuntu.
https://bugs.launchpad.net/bugs/2039217

Title:
  python apt Cache(memonly=True) does not behave as if memonly.

Status in python-apt package in Ubuntu:
  New

Bug description:
  When I use the python constructor for apt.Cache with a rootdir=/mnt/host (which is mounted read-only) and memonly=True, it isn't behaving as if it's memonly. It's trying to create directories on the mounted system.

  Here's my stack: (note, python click module takes up a bit of the top of the stack)

  ```
  Collecting apt-based metrics...
  Traceback (most recent call last):
    File "./restart_check.py", line 165, in <module>
      _main()
    File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1157, in __call__
      return self.main(*args, **kwargs)
    File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1078, in main
      rv = self.invoke(ctx)
    File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 1434, in invoke
      return ctx.invoke(self.callback, **ctx.params)
    File "/usr/local/lib/python3.8/dist-packages/click/core.py", line 783, in invoke
      return __callback(*args, **kwargs)
    File "./restart_check.py", line 139, in _main
      cache = apt.cache.Cache(rootdir=root_dir, memonly=True)
    File "/usr/lib/python3/dist-packages/apt/cache.py", line 161, in __init__
      self._check_and_create_required_dirs(rootdir)
    File "/usr/lib/python3/dist-packages/apt/cache.py", line 201, in _check_and_create_required_dirs
      os.makedirs(rootdir + d)
    File "/usr/lib/python3.8/os.py", line 213, in makedirs
      makedirs(head, exist_ok=exist_ok)
    File "/usr/lib/python3.8/os.py", line 213, in makedirs
      makedirs(head, exist_ok=exist_ok)
    File "/usr/lib/python3.8/os.py", line 223, in makedirs
      mkdir(name, mode)
  OSError: [Errno 30] Read-only file system: '/mnt/host/var'
  ```

  Why are those create-dir calls not protected from the memonly flag? Are they truly needed to be able to set up the cache?

  Ya know what, this could be a security vulnerability, making writes to a system that was supposed to be treated as read-only, particularly for those that mounted to a disk in a non-read-only way.

  memonly is not as advertised.
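
Added example (not part of the bug report and not python-apt code): a way to check whether a call that is meant to be read-only created anything under `rootdir`, by comparing the set of paths before and after it runs. `open_like_report` is a constructed stand-in for the `os.makedirs(rootdir + d)` call shown in the traceback, and its directory names are assumptions for the demo.

```python
import os
import tempfile
from contextlib import contextmanager


def snapshot(root):
    """Return the set of paths (relative to root) that exist under root."""
    seen = set()
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            seen.add(os.path.relpath(os.path.join(dirpath, name), root))
    return seen


@contextmanager
def record_new_paths(root):
    """Yield a list that receives every path created under root by the block."""
    created = []
    before = snapshot(root)
    try:
        yield created
    finally:
        # Runs even if the block raises, e.g. EROFS on a read-only mount.
        created.extend(sorted(snapshot(root) - before))


def open_like_report(rootdir, dirs=("/var/lib/dpkg", "/etc/apt")):
    """Constructed stand-in: creates missing dirs under rootdir as in the traceback.

    The directory names are assumptions, not taken from python-apt.
    """
    for d in dirs:
        if not os.path.exists(rootdir + d):
            os.makedirs(rootdir + d)


def demo():
    """Run the stand-in on a writable scratch root; return what it created."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "var"))  # pre-existing, not reported
        with record_new_paths(root) as created:
            open_like_report(root)
        return created


if __name__ == "__main__":
    print(demo())
```

To test a real python-apt version, run the `apt.cache.Cache(rootdir=..., memonly=True)` call from the report inside `record_new_paths` against a scratch copy of the target root instead of the stand-in.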