Commit 7a30bc0b authored by intrigeri's avatar intrigeri

Merge branch 'bugfix/15146-overlayfs-memory-erasure+force-all-tests' into stable (Closes: #15146)

parents 7f78e456 837be679
......@@ -13,6 +13,7 @@
+/bin/sh
+/bin/sleep
+/bin/systemctl
+/bin/umount
/lib/systemd/system/tails-remove-overlayfs-dirs.service
/lib/systemd/system-shutdown/tails
+/lib/systemd/systemd-shutdown
......
......@@ -10,39 +10,42 @@ set -x
### Unmount relevant filesystems
# Wait for lazy unmounts to finish
sync
# Debugging
mount
/bin/mount
# Otherwise we can't drop caches.
# This may also help for tracking remaining mounts.
mount -o remount,rw /proc
/bin/mount -o remount,rw /proc
# Otherwise we can't create new mountpoints in /mnt
mount -o remount,rw /
/bin/mount -o remount,rw /
# Move /oldroot/* mountpoints out of the way
mkdir -p /mnt/live/squashfs
mount --move \
/bin/mount --move \
/oldroot/lib/live/mount/rootfs/filesystem.squashfs \
/mnt/live/squashfs
mkdir -p /mnt/live/medium
mount --move \
/bin/mount --move \
/oldroot/lib/live/mount/medium \
/mnt/live/medium
mkdir -p /mnt/live/dev
mount --move \
/bin/mount --move \
/oldroot/dev \
/mnt/live/dev
mkdir -p /mnt/live/run
mount --move \
/bin/mount --move \
/oldroot/run \
/mnt/live/run
# Finally, really unmount relevant filesystems
umount /oldroot
/bin/umount /oldroot
# Debugging
mount
/bin/mount
### Ensure any remaining disk cache is erased by Linux' memory poisoning
echo 3 > /proc/sys/vm/drop_caches
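Review bot: Nothing in the visible lines checks whether `/bin/umount /oldroot` succeeded before the script goes on to `echo 3 > /proc/sys/vm/drop_caches`; if the unmount fails, the old root presumably stays mounted and the erasure step silently covers less than intended. The script starts above the hunk and only `set -x` is visible in the hunk header, so whether `set -e` is in effect cannot be told from here. I would make the failure explicit in the shutdown log, e.g. `/bin/umount /oldroot || echo "umount /oldroot failed" >&2`. As a style point, `sync` and `mkdir` are still called by bare name while `mount` and `umount` now use absolute paths.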
......
......@@ -16,4 +16,10 @@ WORKDIR=$(/bin/mktemp -d)
/bin/mv "$WORKDIR"/main/* /run/initramfs/
# When migrating to overlayfs we had issues with the overlay rw branch
# not being wiped (#15146) but switching mount/umount from BusyBox' to
# util-linux' seems to bring the error rate from 10% to 0.5%.
rm /run/initramfs/usr/bin/mount /run/initramfs/usr/bin/umount
cp /bin/mount /bin/umount /run/initramfs/usr/bin/
/bin/rm -rf "$WORKDIR"
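Review bot: The two added commands call `rm` and `cp` by bare name while the neighbouring lines use absolute paths (`/bin/mktemp`, `/bin/mv`, `/bin/rm`), and plain `rm` returns an error if either target file is absent. I would write `/bin/rm -f /run/initramfs/usr/bin/mount /run/initramfs/usr/bin/umount` and `/bin/cp /bin/mount /bin/umount /run/initramfs/usr/bin/`. The comment reports a residual 0.5% error rate, so it would help if it also said plainly that the wipe is still not guaranteed after this change. Whether the shared libraries needed by the util-linux binaries are present under /run/initramfs is not visible in this hunk and is worth confirming.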
......@@ -197,10 +197,13 @@ When(/^I fill a (\d+) MiB file with a known pattern on the (persistent|root) fil
else
raise "This should not happen"
end
# Note that `yes` prints its own newline, so we have to skip it in
# `pattern` below.
# XXX:Stretch: once we drop support < Buster we can improve the
# expression below to `pattern[..-2]`.
$vm.execute_successfully(
"for i in $(seq 1 #{pattern_nb}) ; do " +
" echo wipe_didnt_work >> '#{dest_file}' ; " +
"done"
"yes #{pattern[0, pattern.length - 1]} | " +
"dd of=#{dest_file} bs=#{pattern.size} count=#{pattern_nb}"
)
end
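Review bot: `dd` reading from the `yes` pipe with `bs=#{pattern.size} count=#{pattern_nb}` counts a short read as a full block, so the file can end up smaller than the step name promises and the later wipe check would have less pattern data to look for. With GNU dd, `iflag=fullblock` avoids that: `"dd of='#{dest_file}' bs=#{pattern.size} count=#{pattern_nb} iflag=fullblock"`. That form also restores the single quotes around `dest_file` that the replaced loop had. The step definition begins above the visible lines, so how `pattern` and `dest_file` are built cannot be checked from here.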
......