Commit 70701bbb authored by Tails developers's avatar Tails developers
Browse files

Use the correct stack of rootfs:s for the chroot browsers (Closes: #8152, #8152).

After installing incremental upgrades Tails' root filesystem consists
of a stack squashfs:s, not only filesystem.squashfs. When not stacking
them correct we may end up using the Tor Browser (Firefox) from an
older version of Tails, or with no Tor Browser at all, as in the
upgrade from Tails 1.1.2 to 1.2, when we migrated from Iceweasel to
the Tor Browser.

Based on patch contributed by sanic.
parent cfbff197
...@@ -14,7 +14,6 @@ export TEXTDOMAIN ...@@ -14,7 +14,6 @@ export TEXTDOMAIN
. /usr/local/lib/tails-shell-library/i2p.sh . /usr/local/lib/tails-shell-library/i2p.sh
ROFS=/lib/live/mount/rootfs/filesystem.squashfs
CONF_DIR=/var/lib/i2p-browser CONF_DIR=/var/lib/i2p-browser
COW=${CONF_DIR}/cow COW=${CONF_DIR}/cow
CHROOT=${CONF_DIR}/chroot CHROOT=${CONF_DIR}/chroot
...@@ -98,9 +97,25 @@ setup_chroot () { ...@@ -98,9 +97,25 @@ setup_chroot () {
trap cleanup INT trap cleanup INT
trap cleanup EXIT trap cleanup EXIT
local rootfs_dir
local rootfs_dirs_path=/lib/live/mount/rootfs
local tails_module_path=/lib/live/mount/medium/live/Tails.module
local aufs_dirs=
# We have to pay attention to the order we stack the filesystems;
# newest must be first, and remember that the .module file lists
# oldest first, newest last.
while read rootfs_dir; do
rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
mountpoint -q "${rootfs_dir}" && \
aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
done < "${tails_module_path}"
# But our copy-on-write dir must be at the very top.
aufs_dirs="${COW}=rw:${aufs_dirs}"
mkdir -p ${COW} ${CHROOT} && \ mkdir -p ${COW} ${CHROOT} && \
mount -t tmpfs tmpfs ${COW} && \ mount -t tmpfs tmpfs ${COW} && \
mount -t aufs -o noatime,noxino,dirs=${COW}=rw:${ROFS}=rr+wh aufs ${CHROOT} && \ mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
mount -t proc proc ${CHROOT}/proc && \ mount -t proc proc ${CHROOT}/proc && \
mount --bind /dev ${CHROOT}/dev || \ mount --bind /dev ${CHROOT}/dev || \
error "`gettext \"Failed to setup chroot.\"`" error "`gettext \"Failed to setup chroot.\"`"
......
...@@ -9,7 +9,6 @@ LOCK=/var/lock/${CMD} ...@@ -9,7 +9,6 @@ LOCK=/var/lock/${CMD}
TEXTDOMAIN="tails" TEXTDOMAIN="tails"
export TEXTDOMAIN export TEXTDOMAIN
ROFS=/lib/live/mount/rootfs/filesystem.squashfs
CONF_DIR=/var/lib/unsafe-browser CONF_DIR=/var/lib/unsafe-browser
COW=${CONF_DIR}/cow COW=${CONF_DIR}/cow
CHROOT=${CONF_DIR}/chroot CHROOT=${CONF_DIR}/chroot
...@@ -98,9 +97,25 @@ setup_chroot () { ...@@ -98,9 +97,25 @@ setup_chroot () {
trap cleanup INT trap cleanup INT
trap cleanup EXIT trap cleanup EXIT
local rootfs_dir
local rootfs_dirs_path=/lib/live/mount/rootfs
local tails_module_path=/lib/live/mount/medium/live/Tails.module
local aufs_dirs=
# We have to pay attention to the order we stack the filesystems;
# newest must be first, and remember that the .module file lists
# oldest first, newest last.
while read rootfs_dir; do
rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
mountpoint -q "${rootfs_dir}" && \
aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
done < "${tails_module_path}"
# But our copy-on-write dir must be at the very top.
aufs_dirs="${COW}=rw:${aufs_dirs}"
mkdir -p ${COW} ${CHROOT} && \ mkdir -p ${COW} ${CHROOT} && \
mount -t tmpfs tmpfs ${COW} && \ mount -t tmpfs tmpfs ${COW} && \
mount -t aufs -o noatime,noxino,dirs=${COW}=rw:${ROFS}=rr+wh aufs ${CHROOT} && \ mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
mount -t proc proc ${CHROOT}/proc && \ mount -t proc proc ${CHROOT}/proc && \
mount --bind /dev ${CHROOT}/dev || \ mount --bind /dev ${CHROOT}/dev || \
error "`gettext \"Failed to setup chroot.\"`" error "`gettext \"Failed to setup chroot.\"`"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment