proxmox-mirrors/pve-kernel-meta
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-kernel-meta synced 2025-08-15 09:54:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

zz-pve-efiboot: re-exec in mount namespace

Browse Source 
to avoid affecting the running system negatively, e.g. because the
target paths for mounting the ESPs have been modified via symlinks or
similar attacks.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler 2019-07-11 11:22:50 +02:00 committed by Thomas Lamprecht
parent 7800310ce5
commit cfb0e459ea
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
efiboot/zz-pve-efiboot
View File

@ -151,10 +151,12 @@ case $0:$mode in
# Also run if we have no DEB_MAINT_PARAMS, in order to work with old # Also run if we have no DEB_MAINT_PARAMS, in order to work with old
# kernel packages. # kernel packages.
*/postinst.d/*:|*/postinst.d/*:configure) */postinst.d/*:|*/postinst.d/*:configure)
reexec_in_mountns "$@"
BOOT_KVERS="$(boot_kernel_list "$@")" BOOT_KVERS="$(boot_kernel_list "$@")"
update_esps update_esps
;; ;;
*/postrm.d/*:|*/postrm.d/*:remove) */postrm.d/*:|*/postrm.d/*:remove)
reexec_in_mountns "$@"
# no newly installed kernel # no newly installed kernel
BOOT_KVERS="$(boot_kernel_list)" BOOT_KVERS="$(boot_kernel_list)"
update_esps update_esps