mirror of
https://git.proxmox.com/git/pve-kernel-meta
synced 2025-08-15 06:12:27 +00:00
zz-pve-efiboot: re-exec in mount namespace
to avoid affecting the running system negatively, e.g. because the target paths for mounting the ESPs have been modified via symlinks or similar attacks. Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
This commit is contained in:
Fabian Grünbichler
Thomas Lamprecht
parent
7800310ce5
commit
cfb0e459ea
@ -151,10 +151,12 @@ case $0:$mode in
|
||||
# Also run if we have no DEB_MAINT_PARAMS, in order to work with old
|
||||
# kernel packages.
|
||||
*/postinst.d/*:|*/postinst.d/*:configure)
|
||||
reexec_in_mountns "$@"
|
||||
BOOT_KVERS="$(boot_kernel_list "$@")"
|
||||
update_esps
|
||||
;;
|
||||
*/postrm.d/*:|*/postrm.d/*:remove)
|
||||
reexec_in_mountns "$@"
|
||||
# no newly installed kernel
|
||||
BOOT_KVERS="$(boot_kernel_list)"
|
||||
update_esps
|
||||
|
||||
Loading…
Reference in New Issue
Block a user