Commit 3cdeadfe authored by intrigeri, committed by segfault

Let live-boot expose its /live/overlay as /lib/live/mount/overlay (refs: #15146)

/live/overlay (in the context of the initramfs) is the tmpfs
where the read-write branch of our union rootfs lives.

With aufs, this call to umount failed, and then live-boot would run:

   mount -o move /live/overlay /root/lib/live/mount/overlay

As a result, this tmpfs mount was visible outside of the initramfs,
and our initramfs-pre-shutdown-hook could unmount it on shutdown,
which ensured the data stored in there was cleaned from memory.

But with overlayfs, for some reason this call to umount succeeds, even though the
overlayfs upper layer (/live/overlay/rw) is stored in this filesystem, which
shows that this tmpfs is still mounted. As a result, this tmpfs is not
visible anymore, and cannot be unmounted on shutdown, so the data stored
in there remains in memory, available to cold-boot attackers.

Let's not unmount this tmpfs and go back to the same behavior we had
with aufs.

This will probably require bringing back some...
parent 8dfa9933
......@@ -11,3 +11,10 @@ index 098111c..e1cfd15 100755
# Looking for persistence devices or files
if [ -n "${PERSISTENCE}" ] && [ -z "${NOPERSISTENCE}" ]
@@ -360,5 +360,5 @@
# ensure that a potentially stray tmpfs gets removed
# otherways, initramfs-tools is unable to remove /live
# and fails to boot
- umount /live/overlay > /dev/null 2>&1 || true
+ # umount /live/overlay > /dev/null 2>&1 || true
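Review bot: The comment kept above the disabled `umount /live/overlay` line still says the stray tmpfs must be removed or initramfs-tools "is unable to remove /live and fails to boot", which now contradicts what the code does and leaves the reader unsure whether that boot failure can come back. Rather than commenting the line out, delete it and replace the old comment with one that states why the tmpfs is deliberately left mounted: live-boot must move it to /lib/live/mount/overlay so the pre-shutdown hook can unmount it and the data is cleaned from memory. Since the commit message says the umount succeeds with overlayfs "for some reason", it would also help to note in the comment that the root cause is not understood, and to confirm with a boot test that /live can still be removed with the tmpfs left in place.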