Commit 3cdeadfe authored by Committed by segfault
Let live-boot expose its /live/overlay as /lib/live/mount/overlay (refs: #15146)
/live/overlay (in the context of the initramfs) is the tmpfs where the read-write branch of our union rootfs lives.

With aufs, this call to umount failed, and then live-boot would run:

    mount -o move /live/overlay /root/lib/live/mount/overlay

As a result, this tmpfs mount was visible outside of the initramfs, and our initramfs-pre-shutdown-hook could unmount it on shutdown, which ensured the data stored in there was cleaned from memory.

But with overlayfs, for some reason this call to umount succeeds, even though the overlayfs upper layer (/live/overlay/rw) is stored in this filesystem, which shows that this tmpfs is still mounted. As a result, this tmpfs is not visible anymore, and cannot be unmounted on shutdown, so the data stored in there remains in memory, available to cold-boot attackers.

Let's not unmount this tmpfs and go back to the same behavior we had with aufs. This will probably require bringing back some...
config/chroot_local-patches/live-boot:_dont_mount_live_overlay_twice.patch → config/chroot_local-patches/live-boot:_expose_tmpfs_rw_branch.patch
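
A check for the condition the commit message describes, as an added example that is not part of this commit or of live-boot: it reads mountinfo-format text on stdin and reports whether a tmpfs is mounted at /lib/live/mount/overlay while the root filesystem is overlayfs. The function names, the sample mount lines and the squashfs and workdir paths in them are constructed for illustration.

```shell
#!/bin/sh
# Added example (not live-boot code). Classifies a mount table as:
#   exposed     - root is overlayfs and a tmpfs is mounted at the expected path,
#                 so a shutdown hook can find and unmount it
#   hidden      - root is overlayfs but no tmpfs is visible at that path
#   not-overlay - root filesystem is not overlayfs
# Usage on a running system: overlay_tmpfs_state < /proc/self/mountinfo
overlay_tmpfs_state() {
    awk -v want="${1:-/lib/live/mount/overlay}" '
    {
        # mountinfo: fields 1-6 are fixed, optional fields follow, then "-",
        # then fstype, source and superblock options.
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (!sep) next
        fstype = $(sep + 1)
        if ($5 == "/" && fstype == "overlay") root_is_overlay = 1
        if ($5 == want && fstype == "tmpfs") exposed = 1
    }
    END {
        if (!root_is_overlay) { print "not-overlay"; exit }
        print (exposed ? "exposed" : "hidden")
    }'
}

# Constructed sample: overlayfs root, upper-layer tmpfs not visible anywhere.
sample_hidden() {
    cat <<'EOF'
21 1 0:19 / / rw,noatime - overlay overlay rw,lowerdir=/live/rootfs/filesystem.squashfs,upperdir=/live/overlay/rw,workdir=/live/overlay/work
22 21 0:5 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
23 21 7:0 / /lib/live/mount/rootfs/filesystem.squashfs ro,noatime - squashfs /dev/loop0 ro
EOF
}

# Constructed sample: same table plus the tmpfs moved to /lib/live/mount/overlay.
sample_exposed() {
    sample_hidden
    echo '24 21 0:25 / /lib/live/mount/overlay rw,noatime - tmpfs tmpfs rw,mode=755'
}

for s in sample_hidden sample_exposed; do
    printf '%s: %s\n' "$s" "$($s | overlay_tmpfs_state)"
done
```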