blivet: do not mount pre-existing partitions and do not detect OS there
This operation may be harmful in many ways:
- may unintentionally modify a disk not selected as installation target (mounting even read only replays journal for example)
- if previous system was compromised, it may try to exploit some of the parsing code (filesystem driver etc) to survive across re-installation

QubesOS/qubes-issues#2835
parent 1abde9cad3
commit 12cc054a74
47
blivet/0001-Avoid-mounting-pre-existing-disks.patch
Normal file
@ -0,0 +1,47 @@
From 1ce66b58907e229e21a0012a7a36ae93e9e32054 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
<marmarek@invisiblethingslab.com>
Date: Tue, 22 Oct 2019 16:15:31 +0200
Subject: [PATCH] Avoid mounting pre-existing disks
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Organization: Invisible Things Lab
Cc: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
This operation may be harmfull in many ways:
- may unintentionally modify a disk not selected as installation target
(mounting even read only replays journal for example)
- if previous system was compromised, it may try to exploit some of the
parsing code (filesystem driver etc) to survive across
re-installation
Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
---
blivet/osinstall.py | 9 ---------
1 file changed, 9 deletions(-)
diff --git a/blivet/osinstall.py b/blivet/osinstall.py
index 485e774c..f46388cd 100644
--- a/blivet/osinstall.py
+++ b/blivet/osinstall.py
@@ -211,14 +211,8 @@ def find_existing_installations(devicetree, teardown_all=True):
:rtype: list of :class:`Root`
"""
- try:
- roots = _find_existing_installations(devicetree)
- return roots
- except Exception: # pylint: disable=broad-except
- log_exception_info(log.info, "failure detecting existing installations")
- finally:
- if teardown_all:
- devicetree.teardown_all()
+ if teardown_all:
+ devicetree.teardown_all()
return []
--
2.20.1
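Review bot: after this change `find_existing_installations` always falls through to `return []`, yet the docstring kept as context still documents the return type as a list of Root objects, and nothing in the function body says why detection is gone. A short comment above the remaining `if teardown_all:` naming QubesOS/qubes-issues#2835 would stop a later rebase from quietly restoring the `try` block. Only the call to `_find_existing_installations(devicetree)` is removed here; the helper itself is outside this hunk, so it is worth checking that nothing else still calls it and mounts the old filesystems. The diffstat (`1 file changed, 9 deletions(-)`) also disagrees with the hunk, which carries 8 `-` lines and 2 `+` lines; regenerating the patch would make the header consistent.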
@ -23,6 +23,7 @@ Patch5: 0005-Use-local-backport-of-BlockDev-2.0-interface.patch
# Qubes patches
Patch100: 0001-Double-recommended-LVM-thin-pool-metadata-space.patch
Patch101: 0001-Avoid-mounting-pre-existing-disks.patch
# Versions of required components (done so we make sure the buildrequires
# match the requires versions of things).
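Review bot: `Patch101` sits under `# Qubes patches` with no hint of why it is carried; a one-line comment next to it naming QubesOS/qubes-issues#2835 would help whoever rebases onto a newer blivet decide whether the patch is still needed. Both Qubes patch files also share the `0001-` filename prefix, which does not affect the build but makes them sort ambiguously; consider numbering the file to match its patch slot.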
@ -80,6 +81,7 @@ configuration.
%patch5 -p1
%patch100 -p1
%patch101 -p1
rm -rf %{py3dir}
cp -a . %{py3dir}