Subject: Re: [PATCH 1/8] Mount devtmpfs read-only into chroot
From: Alexander Smirnov
To: Jan Kiszka, isar-users
Date: Tue, 20 Feb 2018 10:02:56 +0300
Message-ID: <02dd0bf0-fd0a-2c64-1dd6-25bea1b26929@ilbers.de>
In-Reply-To: <7e4d36c6-9556-6a69-9ffa-dfbc2e1744ba@ilbers.de>
References: <02a592150c34714e0729d4fc73f86ff031fee514.1518771143.git.jan.kiszka@siemens.com> <7e4d36c6-9556-6a69-9ffa-dfbc2e1744ba@ilbers.de>

On 02/20/2018 09:38 AM, Alexander Smirnov wrote:
> On 02/16/2018 11:52 AM, Jan Kiszka wrote:
>> From: Jan Kiszka
>>
>> It's too easy to destroy the content of devtmpfs, which is shared with
>> the host (including privileged container setups), by calling rm -rf on
>> an output dir that still has devtmpfs mounted.
>>
>
> Just tested this:
>
> builder@zbook:~/isar/build$ mkdir aaa
> builder@zbook:~/isar/build$ mount -t devtmpfs -o mode=0755,nosuid,ro devtmpfs aaa/
>
> # Existing host /dev
> [asmirnov@zbook patches]$ sudo rm /dev/ram16
> OK
>
> # RO mount point
> builder@zbook:~/isar/build$ sudo rm aaa/ram15
> rm: cannot remove ‘aaa/ram15’: Read-only file system
>
> What am I doing wrong?
>

In addition, the following works well:

builder@zbook:~/isar$ mkdir aaa
builder@zbook:~/isar$ sudo mount --bind -o ro /dev aaa/
builder@zbook:~/isar$ sudo rm aaa/ram15

So mount --bind RO doesn't guarantee the RO content.

> BTW: started test build on server to check if the problem with wheezy goes away.

Build failed, but in the log it seems that *only* now /dev becomes RO:

I: Extracting automake_1%3a1.15-6_all.deb...
I: Extracting autopoint_0.19.8.1-2_all.deb...
I: Extracting autotools-dev_20161112.1_all.deb...
I: Extracting base-files_9.9+deb9u3_i386.deb...
tar: ./dev: Cannot utime: Read-only file system
tar: ./dev: Cannot change ownership to uid 0, gid 0: Read-only file system
tar: Exiting with failure status due to previous errors
dpkg-deb: error: subprocess tar returned error exit status 2
dpkg -X failed with error code 512
Skipping...

Alex

>> To achieve write protection for device nodes, we can't mount devtmpfs
>> directly in read-only mode as that will change all mounts to that mode.
>> Luckily, doing a read-only bind-mount does the trick.
>>
>> Signed-off-by: Jan Kiszka
>> ---
>>   meta/classes/dpkg-base.bbclass                   | 2 +-
>>   meta/recipes-devtools/buildchroot/buildchroot.bb | 2 +-
>>   2 files changed, 2 insertions(+), 2 deletions(-)
>>
>> diff --git a/meta/classes/dpkg-base.bbclass
>> b/meta/classes/dpkg-base.bbclass
>> index 5eef11b..78709f9 100644
>> --- a/meta/classes/dpkg-base.bbclass >> +++ b/meta/classes/dpkg-base.bbclass >> @@ -41,7 +41,7 @@ do_build() { >>           if ! grep -q ${BUILDCHROOT_DIR}/isar-apt /proc/mounts; then \ >>               mount --bind ${DEPLOY_DIR_APT}/${DISTRO} >> ${BUILDCHROOT_DIR}/isar-apt; \ >>               mount --bind ${DL_DIR} ${BUILDCHROOT_DIR}/downloads; \ >> -            mount -t devtmpfs -o mode=0755,nosuid devtmpfs >> ${BUILDCHROOT_DIR}/dev; \ >> +            mount --bind -o ro /dev ${BUILDCHROOT_DIR}/dev; \ >>               mount -t proc none ${BUILDCHROOT_DIR}/proc; \ >>           fi' >> diff --git a/meta/recipes-devtools/buildchroot/buildchroot.bb >> b/meta/recipes-devtools/buildchroot/buildchroot.bb >> index 520daf9..1eca035 100644 >> --- a/meta/recipes-devtools/buildchroot/buildchroot.bb >> +++ b/meta/recipes-devtools/buildchroot/buildchroot.bb >> @@ -66,7 +66,7 @@ do_build() { >>              "${WORKDIR}/multistrap.conf.in" > >> "${WORKDIR}/multistrap.conf" >>       sudo mount --bind ${DEPLOY_DIR_APT}/${DISTRO} >> ${BUILDCHROOT_DIR}/isar-apt >> -    sudo mount -t devtmpfs -o mode=0755,nosuid devtmpfs >> ${BUILDCHROOT_DIR}/dev >> +    sudo mount --bind -o ro /dev ${BUILDCHROOT_DIR}/dev >>       sudo mount -t proc none ${BUILDCHROOT_DIR}/proc >>       # Create root filesystem >> > -- With best regards, Alexander Smirnov ilbers GmbH Baierbrunner Str. 28c D-81379 Munich +49 (89) 122 67 24-0 http://ilbers.de/ Commercial register Munich, HRB 214197 General manager: Baurzhan Ismagulov
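Review bot: in the dpkg-base.bbclass hunk, `mount --bind -o ro /dev ${BUILDCHROOT_DIR}/dev` replaces a line that explicitly passed `nosuid`, and nothing afterwards checks that the bind mount actually came up read-only; the test quoted earlier in this reply (`sudo mount --bind -o ro /dev aaa/` followed by a successful `sudo rm aaa/ram15`) shows that the `ro` cannot be taken for granted. Suggest following the bind with an explicit `mount -o remount,bind,ro,nosuid ${BUILDCHROOT_DIR}/dev` and verifying the `ro` flag in /proc/mounts before the build proceeds, so the device nodes are protected independently of how mount(8) handles `--bind -o ro` and the nosuid hardening of the replaced devtmpfs line is kept.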
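Review bot: in the buildchroot.bb hunk the read-only /dev is mounted before the `# Create root filesystem` step, and the multistrap log earlier in this reply shows the consequence: extracting base-files fails with `tar: ./dev: Cannot utime: Read-only file system` and `Cannot change ownership to uid 0, gid 0`, so do_build aborts. Suggest populating the root filesystem before binding /dev, or binding it writable for that step and only then running `mount -o remount,bind,ro ${BUILDCHROOT_DIR}/dev`.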
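The two checks this thread leaves implicit, as an added example that is not part of the original mail, the patch, or Isar itself: a shell script that reads /proc/self/mountinfo text to tell the per-mount read-only flag (what a bind remount sets) from a read-only superblock (what `mount -t devtmpfs -o ro` causes, and which the commit message warns is shared with the host's /dev), verifies that a chroot's /dev is really read-only and nosuid before trusting it, and refuses an `rm -rf` on a build directory that still has mounts below it. The function names, the paths such as /srv/build/chroot, and the three mountinfo samples are constructed for illustration; only `safe_rm_rf` and `mount_dev_ro` touch the real system.

```bash
#!/bin/bash
# Added example (not Isar's code, not the patch author's). Inspection
# functions take the mountinfo text as an argument so they can be run on the
# constructed samples below without root; the real-system helpers read
# /proc/self/mountinfo themselves. Paths like /srv/build/chroot are hypothetical.

# Mount points (field 5 of /proc/self/mountinfo) at or below DIR.
mounts_under() {                       # mounts_under DIR MOUNTINFO
    local dir="${1%/}" mi="$2"
    printf '%s\n' "$mi" | awk -v d="$dir" '$5 == d || index($5, d "/") == 1 { print $5 }'
}

# Per-mount flags (field 6) of the mount at MP; exit 1 if MP is not a mount point.
mount_flags() {                        # mount_flags MP MOUNTINFO
    local mp="${1%/}" mi="$2"
    printf '%s\n' "$mi" | awk -v m="$mp" '$5 == m { print $6; found = 1 } END { exit found ? 0 : 1 }'
}

# Superblock options (third field after the "-" separator) of the mount at MP.
sb_flags() {                           # sb_flags MP MOUNTINFO
    local mp="${1%/}" mi="$2"
    printf '%s\n' "$mi" | awk -v m="$mp" '
        $5 == m { for (i = 7; i <= NF; i++) if ($i == "-") { print $(i + 3); found = 1; break } }
        END { exit found ? 0 : 1 }'
}

has_opt() {                            # has_opt OPTLIST NAME
    case ",$1," in *,"$2",*) return 0 ;; *) return 1 ;; esac
}

# 0: MP is read-only for its users (per-mount flag or ro superblock); 1: writable; 2: not mounted.
mount_is_ro() {                        # mount_is_ro MP MOUNTINFO
    local f
    f=$(mount_flags "$1" "$2") || return 2
    has_opt "$f" ro
}

# 0: the superblock behind MP is ro. For devtmpfs it is the host's /dev superblock too.
sb_is_ro() {                           # sb_is_ro MP MOUNTINFO
    local o
    o=$(sb_flags "$1" "$2") || return 2
    has_opt "$o" ro
}

# Verify that DEVMP (the chroot's /dev) is mounted read-only and nosuid.
check_dev_ro() {                       # check_dev_ro DEVMP MOUNTINFO
    local f
    f=$(mount_flags "$1" "$2") || { echo "$1: not mounted" >&2; return 2; }
    has_opt "$f" ro || { echo "$1: mounted but writable ($f)" >&2; return 1; }
    has_opt "$f" nosuid || { echo "$1: read-only but not nosuid ($f)" >&2; return 1; }
}

# Refuse to delete DIR while any mount point lies below it (the rm -rf case from the commit message).
refuse_if_mounted() {                  # refuse_if_mounted DIR MOUNTINFO
    local busy
    busy=$(mounts_under "$1" "$2")
    [ -z "$busy" ] && return 0
    printf 'refusing to remove %s, still mounted below it:\n%s\n' "$1" "$busy" >&2
    return 1
}

safe_rm_rf() {                         # safe_rm_rf DIR   (real system)
    refuse_if_mounted "$1" "$(cat /proc/self/mountinfo)" || return 1
    rm -rf -- "$1"
}

# Bind the host /dev into TARGET, make that mount read-only and verify it. The remount is
# the step that applies ro; nosuid is passed explicitly instead of relying on inheritance. Needs root.
mount_dev_ro() {                       # mount_dev_ro TARGET   (real system)
    mount --bind /dev "$1" || return 1
    mount -o remount,bind,ro,nosuid "$1" || return 1
    check_dev_ro "$1" "$(cat /proc/self/mountinfo)"
}

# Constructed mountinfo samples, not captured from a real host. The chroot's /dev
# shares device id 0:5 with the host's /dev: same superblock.
# a) bind mount remounted read-only: per-mount ro, superblock still rw
SAMPLE_BIND_RO='22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
25 22 0:5 / /dev rw,nosuid,relatime - devtmpfs devtmpfs rw,size=8138236k,mode=755
40 22 0:5 / /srv/build/chroot/dev ro,nosuid,relatime - devtmpfs devtmpfs rw,size=8138236k,mode=755
41 22 0:22 / /srv/build/chroot/proc rw,relatime - proc none rw'
# b) "mount --bind -o ro" whose ro never took effect (the rm success quoted above)
SAMPLE_BIND_IGNORED='25 22 0:5 / /dev rw,nosuid,relatime - devtmpfs devtmpfs rw,size=8138236k,mode=755
40 22 0:5 / /srv/build/chroot/dev rw,nosuid,relatime - devtmpfs devtmpfs rw,size=8138236k,mode=755'
# c) "mount -t devtmpfs -o ro": the shared superblock, hence the host's /dev, is now ro
SAMPLE_DEVTMPFS_RO='25 22 0:5 / /dev ro,nosuid,relatime - devtmpfs devtmpfs ro,size=8138236k,mode=755
40 22 0:5 / /srv/build/chroot/dev ro,nosuid,relatime - devtmpfs devtmpfs ro,size=8138236k,mode=755'

if [ "${1:-}" = "demo" ]; then         # bash this-script.sh demo
    check_dev_ro /srv/build/chroot/dev "$SAMPLE_BIND_RO" && echo "a: chroot /dev protected"
    check_dev_ro /srv/build/chroot/dev "$SAMPLE_BIND_IGNORED" || echo "b: NOT protected"
    sb_is_ro /dev "$SAMPLE_DEVTMPFS_RO" && echo "c: host /dev went read-only too"
    refuse_if_mounted /srv/build/chroot "$SAMPLE_BIND_RO" || echo "a: rm -rf refused"
fi
```

Sample (a) is the state the commit message aims for: field 6 of the chroot line says `ro` while the superblock options after the `-` still say `rw`, so the host's /dev stays writable. Sample (c) shows why mounting devtmpfs itself read-only is not an option: the superblock is shared, so the host's /dev line turns `ro` as well. A build task that wants the guarantee should call `check_dev_ro` against the live /proc/self/mountinfo right after mounting, and a cleanup task should go through `safe_rm_rf` instead of a bare `rm -rf`.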