Commit 3399907b authored by Tails developers's avatar Tails developers

New fix for bugs/writable_system_disk:_belongs_to_floppy_group

parent 4d6933b7
# Fix for Debian bug #645466.
# Note: Must be applied after /lib/udev/rules.d/91-permissions.rules
SUBSYSTEM=="block", SUBSYSTEMS=="usb", \
IMPORT{program}="/usr/local/sbin/udev-boot-dev-helper %k"
SUBSYSTEM=="block", SUBSYSTEMS=="usb", ENV{IS_ON_BOOT_DEV}=="yes", GROUP="disk"
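Review bot: The last rule sets the group with `GROUP="disk"`, which a rules file processed later can still override. This assignment is what keeps the boot medium from being writable by the live user, so `GROUP:="disk"` would make it final. The header comment requires ordering after 91-permissions.rules, but the file name that would guarantee this is not visible on this page; I would state the expected numeric prefix in that comment. Since the match depends entirely on the helper's output, it is also worth a comment line noting that if the helper prints nothing, the device keeps whatever group the earlier rules assigned.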
Fix_debian_bug_645466 ()
# Fix bugs/writable_system_disk:_belongs_to_floppy_group (Debian
# bug #645466). Short story: udev sets a USB boot device's group
# ownership to 'floppy' making it writable by the live user. To
# prevent this we set it to 'disk'.
boot_dev_id=$(udevadm info --device-id-of-file=/lib/live/mount/medium)
boot_dev=$(readlink -f /dev/block/"${boot_dev_id}")
boot_dev_type=$(udevadm info --query=property --name="${boot_dev}" | \
awk -F'=' '/ID_BUS/ { print $2 }')
if [ "${boot_dev_type}" != usb ]; then
boot_dev_group=$(stat -c %G "${boot_dev}")
if [ "${boot_dev_group}" != disk ]; then
chgrp disk "${boot_dev}"
parent_path=$(udevadm info --query=property --name="${boot_dev}" | \
awk -F'=' '/UDISKS_PARTITION_SLAVE/ { print $2 }')
if [ -n "${parent_path}" ]; then
parent_name=$(udevadm info --query=name --path="${parent_path}")
if [ -n "${parent_name}" ]; then
chgrp disk "${parent_dev}"*
Fix_permissions ()
echo "- fixing permissions"
# Creating state file
touch /var/lib/live/config/permissions
# Turns out we cannot use function using `udevadm` in this library for
# this script since it's used in an udev rule; at that time the udev
# database isn't finished and any queries in it cannot be trusted.
. /usr/local/lib/tails-shell-library/
# XXX: This code is pretty crude thanks to not having udev to query
# for the parent device. In Wheezy with its newer blkid we'll be able
# to determine the parent device more reliably, if we care.
boot_part_id=$(mountpoint -d "${BOOT_IMAGE}")
boot_part=$(dev_id_to_block_dev "${boot_part_id}")
boot_dev=$(echo ${boot_part} | sed 's/[0-9]*$//')
if [ -b "${boot_dev}" ] && \
echo ${boot_dev} | grep -q "^/dev/sd[a-z]$" && \
echo /dev/$1 | grep -q "^${boot_dev}"; then
echo IS_ON_BOOT_DEV=yes
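Review bot: The three-part test fails open: if `BOOT_IMAGE` is empty, `mountpoint -d` fails, or the boot disk is not named `/dev/sd[a-z]` (a two-letter name such as `sdaa`, for instance), the helper prints nothing and the device silently keeps the group given by the earlier rules. `BOOT_IMAGE` is not defined in the visible lines and the path on the `.` line looks cut off, so it presumably comes from the sourced library. A guard such as `[ -n "${BOOT_IMAGE:-}" ] || exit 1`, together with a `logger` message on the no-match path, would make a missed boot device visible. The final check `grep -q "^${boot_dev}"` is only a prefix match, so with boot device `/dev/sda` the kernel name `sdaa` also matches; `grep -Eq "^${boot_dev}[0-9]*$"` compares the whole name. The closing `fi` and the top of the script are not shown on this page, so this covers only the visible lines.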