initramfs-tools-ubuntu-core: scripts/read-only-rootfs unconditionally mounts rootfs read-write without fsck
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
initramfs-tools-ubuntu-core (Ubuntu) | Fix Released | High | James Hunt | |
Bug Description
A review of the read-only-rootfs script in i-t-u-c reveals the following:
local userdata_
[...]
mount -o defaults,rw "$path" "$rootmnt"
mkdir -p "$userdata_mnt"
[...]
mount -o discard "$path" "$userdata_mnt"
mount --move "$userdata_mnt" "${rootmnt}
[...]
mount -o remount,ro "${rootmnt}"
I assume that this has all been copied from what's currently being done on the phone. But it needs closer examination, because not only are we unconditionally mounting the rootfs read-write from the initramfs, we're doing so without first running fsck over it, which is something we *NEVER* do in the existing system. Moving to a read-only rootfs model should not result in changes that cause *higher* risk to the filesystem's integrity!
It's not clear to me why the rootfs is being mounted rw at all here. I suspect that this code was written at two different times, and that initially we needed to mount rw in order to ensure the /userdata mountpoint existed. But with the current code we're never creating that mountpoint at all, and so it's possible that we don't need to mount rw at all but should only be mounting ro.
Changed in initramfs-tools-ubuntu-core (Ubuntu):
assignee: nobody → James Hunt (jamesodhunt)
importance: Undecided → High
This bug was fixed in the package initramfs-tools-ubuntu-core - 0.3
---------------
initramfs-tools-ubuntu-core (0.3) utopic; urgency=medium
* scripts/read-only-rootfs:
- Revert adding required directories - let the provisioning tools handle
this.
- Create read-only rootfs bind mount to conceal from the system any
future writable operations.
- Don't mount writable initially as it isn't needed in this
environment (LP: #1376116).
-- James Hunt <email address hidden> Thu, 02 Oct 2014 14:01:43 +0100
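
A static check for the pattern this report describes, added here as an example and not code from initramfs-tools-ubuntu-core: it reads a boot script and reports every mount that attaches a filesystem read-write with no earlier fsck of the same device. The function name `audit_mounts`, the one-command-per-line assumption and the sample scripts are constructed for the example.

```shell
#!/bin/sh
# Added example (not the package's code). Reads a shell script on stdin and
# prints "<line number>: <command>" for each read-write mount that is not
# preceded by an fsck of the same device. Assumes one command per line.
audit_mounts() {
    awk '
    $1 ~ /^#/ { next }                          # ignore comment lines
    $1 ~ /^(fsck|e2fsck)/ {                     # fsck, fsck.ext4, e2fsck ...
        dev = $NF; gsub(/"/, "", dev)           # last argument is the device
        checked[dev] = 1; next
    }
    $1 == "mount" {
        opts = ","; npos = 0; dev = ""
        for (i = 2; i <= NF; i++) {
            if ($i == "-o") { opts = opts $(i + 1) ","; i++; continue }
            if ($i == "-t") { i++; continue }   # skip the filesystem type
            if ($i == "-r") { opts = opts "ro,"; continue }
            if ($i == "--move" || $i == "--bind") { opts = opts "bind,"; continue }
            if ($i ~ /^-/) continue
            if (++npos == 1) { dev = $i; gsub(/"/, "", dev) }
        }
        # remount/bind/move re-use an existing mount; anything else attaches
        # a filesystem, which mount(8) does read-write unless "ro" is given.
        attach = (opts !~ /,(remount|bind|move),/)
        rw = (opts ~ /,rw,/) || (attach && opts !~ /,ro,/)
        if (rw && !(dev in checked)) print NR ": " $0
    }'
}

# Constructed sample: the sequence the report objects to (rw first, ro later).
SAMPLE_RW='mount -o defaults,rw "$path" "$rootmnt"
mount -o remount,ro "$rootmnt"'

# Constructed sample: rootfs attached read-only from the start.
SAMPLE_RO='mount -o defaults,ro "$path" "$rootmnt"'

# Constructed sample: read-write, but only after the device has been checked.
SAMPLE_FSCK_RW='fsck -a "$path"
mount -o defaults,rw "$path" "$rootmnt"'

printf '%s\n' "$SAMPLE_RW" | audit_mounts
```

Unrecognised option spellings such as `-orw` are treated as read-write, so the check errs toward reporting.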