Refactor chroot browsers' setup_chroot().

eb9d3d4c · Tails developers · c60450c6 · eb9d3d4c · eb9d3d4c · eb9d3d4c
Commit eb9d3d4c authored Oct 20, 2014 by Tails developers
3 changed files
--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
@@ -28,3 +28,39 @@ try_cleanup_browser_chroot () {
    done
    rmdir ${cow} ${chroot} 2>/dev/null
 }
+
+# Setup a chroot on a clean aufs "fork" of the root filesystem.
+setup_browser_chroot () {
+    local chroot="${1}"
+    local cow="${2}"
+    # FIXME: When LXC matures to the point where it becomes a viable option
+    # for creating isolated jails, the chroot can be used as its rootfs.
+
+    trap cleanup INT
+    trap cleanup EXIT
+
+    local rootfs_dir
+    local rootfs_dirs_path=/lib/live/mount/rootfs
+    local tails_module_path=/lib/live/mount/medium/live/Tails.module
+    local aufs_dirs=
+
+    # We have to pay attention to the order we stack the filesystems;
+    # newest must be first, and remember that the .module file lists
+    # oldest first, newest last.
+    while read rootfs_dir; do
+        rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
+        mountpoint -q "${rootfs_dir}" && \
+        aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
+    done < "${tails_module_path}"
+    # But our copy-on-write dir must be at the very top.
+    aufs_dirs="${cow}=rw:${aufs_dirs}"
+
+    mkdir -p ${cow} ${chroot} && \
+    mount -t tmpfs tmpfs ${cow} && \
+    mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${chroot} && \
+    mount -t proc proc ${chroot}/proc && \
+    mount --bind /dev ${chroot}/dev
+
+    # Workaround for #6110
+    chmod -t ${cow}
+}
--- a/config/chroot_local-includes/usr/local/sbin/i2p-browser
+++ b/config/chroot_local-includes/usr/local/sbin/i2p-browser
@@ -71,42 +71,6 @@ show_start_notification () {
    tails-notify-user "${title}" "${body}" 10000
 }

-setup_chroot () {
-    # Setup a chroot on an aufs "fork" of the filesystem.
-    # FIXME: When LXC matures to the point where it becomes a viable option
-    # for creating isolated jails, the chroot can be used as its rootfs.
-    echo "* Setting up chroot"
-
-    trap cleanup INT
-    trap cleanup EXIT
-
-    local rootfs_dir
-    local rootfs_dirs_path=/lib/live/mount/rootfs
-    local tails_module_path=/lib/live/mount/medium/live/Tails.module
-    local aufs_dirs=
-
-    # We have to pay attention to the order we stack the filesystems;
-    # newest must be first, and remember that the .module file lists
-    # oldest first, newest last.
-    while read rootfs_dir; do
-        rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
-        mountpoint -q "${rootfs_dir}" && \
-        aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
-    done < "${tails_module_path}"
-    # But our copy-on-write dir must be at the very top.
-    aufs_dirs="${COW}=rw:${aufs_dirs}"
-
-    mkdir -p ${COW} ${CHROOT} && \
-    mount -t tmpfs tmpfs ${COW} && \
-    mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
-    mount -t proc proc ${CHROOT}/proc && \
-    mount --bind /dev ${CHROOT}/dev || \
-    error "`gettext \"Failed to setup chroot.\"`"
-
-    # Workaround for todo/buggy_aufs_vs_unsafe-browser
-    chmod -t ${COW}
-}
-
 set_chroot_browser_name () {
    NAME="${1}"
    LOCALE="${2}"
@@ -367,7 +331,9 @@ if ! i2p_router_console_is_ready; then
    verify_start
 fi
 show_start_notification
-setup_chroot
+echo "* Setting up chroot"
+setup_browser_chroot ${CHROOT} ${COW} || \
+    error "`gettext \"Failed to setup chroot.\"`"
 configure_chroot
 run_browser_in_chroot
 show_shutdown_notification

--- a/config/chroot_local-includes/usr/local/sbin/unsafe-browser
+++ b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
@@ -71,42 +71,6 @@ show_start_notification () {
    tails-notify-user "${title}" "${body}" 10000
 }

-setup_chroot () {
-    # Setup a chroot on an aufs "fork" of the filesystem.
-    # FIXME: When LXC matures to the point where it becomes a viable option
-    # for creating isolated jails, the chroot can be used as its rootfs.
-    echo "* Setting up chroot"
-
-    trap cleanup INT
-    trap cleanup EXIT
-
-    local rootfs_dir
-    local rootfs_dirs_path=/lib/live/mount/rootfs
-    local tails_module_path=/lib/live/mount/medium/live/Tails.module
-    local aufs_dirs=
-
-    # We have to pay attention to the order we stack the filesystems;
-    # newest must be first, and remember that the .module file lists
-    # oldest first, newest last.
-    while read rootfs_dir; do
-        rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
-        mountpoint -q "${rootfs_dir}" && \
-        aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
-    done < "${tails_module_path}"
-    # But our copy-on-write dir must be at the very top.
-    aufs_dirs="${COW}=rw:${aufs_dirs}"
-
-    mkdir -p ${COW} ${CHROOT} && \
-    mount -t tmpfs tmpfs ${COW} && \
-    mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
-    mount -t proc proc ${CHROOT}/proc && \
-    mount --bind /dev ${CHROOT}/dev || \
-    error "`gettext \"Failed to setup chroot.\"`"
-
-    # Workaround for todo/buggy_aufs_vs_unsafe-browser
-    chmod -t ${COW}
-}
-
 set_chroot_browser_name () {
    NAME="${1}"
    LOCALE="${2}"
@@ -269,7 +233,9 @@ fi

 verify_start
 show_start_notification
-setup_chroot
+echo "* Setting up chroot"
+setup_browser_chroot ${CHROOT} ${COW} || \
+    error "`gettext \"Failed to setup chroot.\"`"
 configure_chroot
 run_browser_in_chroot
 show_shutdown_notification