Commit
eb9d3d4c
authored
Oct 20, 2014
by
Tails developers
Refactor chroot browsers' setup_chroot().
parent
c60450c6
Showing
3 changed files
with
42 additions
and
74 deletions
+42
-74
config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
...ludes/usr/local/lib/tails-shell-library/chroot-browser.sh
+36
-0
config/chroot_local-includes/usr/local/sbin/i2p-browser
config/chroot_local-includes/usr/local/sbin/i2p-browser
+3
-37
config/chroot_local-includes/usr/local/sbin/unsafe-browser
config/chroot_local-includes/usr/local/sbin/unsafe-browser
+3
-37
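--- a/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
+++ b/config/chroot_local-includes/usr/local/lib/tails-shell-library/chroot-browser.sh
@@ -28,3 +28,39 @@ try_cleanup_browser_chroot () {
 done
 rmdir ${cow} ${chroot} 2>/dev/null
 }
+# Setup a chroot on a clean aufs "fork" of the root filesystem.
+setup_browser_chroot () {
+local chroot="${1}"
+local cow="${2}"
+# FIXME: When LXC matures to the point where it becomes a viable option
+# for creating isolated jails, the chroot can be used as its rootfs.
+trap cleanup INT
+trap cleanup EXIT
+local rootfs_dir
+local rootfs_dirs_path=/lib/live/mount/rootfs
+local tails_module_path=/lib/live/mount/medium/live/Tails.module
+local aufs_dirs=
+# We have to pay attention to the order we stack the filesystems;
+# newest must be first, and remember that the .module file lists
+# oldest first, newest last.
+while read rootfs_dir; do
+rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
+mountpoint -q "${rootfs_dir}" && \
+aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
+done < "${tails_module_path}"
+# But our copy-on-write dir must be at the very top.
+aufs_dirs="${cow}=rw:${aufs_dirs}"
+mkdir -p ${cow} ${chroot} && \
+mount -t tmpfs tmpfs ${cow} && \
+mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${chroot} && \
+mount -t proc proc ${chroot}/proc && \
+mount --bind /dev ${chroot}/dev
+# Workaround for #6110
+chmod -t ${cow}
+}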
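Review bot: The mount chain in `setup_browser_chroot` does not propagate failure to the caller: it ends at `mount --bind /dev ${chroot}/dev`, after which `chmod -t ${cow}` runs unconditionally and its exit status becomes the function's return value. The removed `setup_chroot` copies had `|| error …` attached directly to that chain, whereas the new call sites in i2p-browser and unsafe-browser test only the function's status, so a failed tmpfs, aufs or proc mount after a successful `mkdir` would go unreported and the browser would be configured and started in a directory that is not the isolated copy-on-write fork. Ending the chain with `mount --bind /dev ${chroot}/dev || return 1` restores the old behaviour. The function also installs `trap cleanup INT` and `trap cleanup EXIT`, so it depends on the caller defining `cleanup`; a header comment such as `# Requires the caller to define cleanup(); installs INT and EXIT traps.` would make that contract visible.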
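--- a/config/chroot_local-includes/usr/local/sbin/i2p-browser
+++ b/config/chroot_local-includes/usr/local/sbin/i2p-browser
@@ -71,42 +71,6 @@ show_start_notification () {
 tails-notify-user "${title}" "${body}" 10000
 }
-setup_chroot () {
-# Setup a chroot on an aufs "fork" of the filesystem.
-# FIXME: When LXC matures to the point where it becomes a viable option
-# for creating isolated jails, the chroot can be used as its rootfs.
-echo "* Setting up chroot"
-trap cleanup INT
-trap cleanup EXIT
-local rootfs_dir
-local rootfs_dirs_path=/lib/live/mount/rootfs
-local tails_module_path=/lib/live/mount/medium/live/Tails.module
-local aufs_dirs=
-# We have to pay attention to the order we stack the filesystems;
-# newest must be first, and remember that the .module file lists
-# oldest first, newest last.
-while read rootfs_dir; do
-rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
-mountpoint -q "${rootfs_dir}" && \
-aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
-done < "${tails_module_path}"
-# But our copy-on-write dir must be at the very top.
-aufs_dirs="${COW}=rw:${aufs_dirs}"
-mkdir -p ${COW} ${CHROOT} && \
-mount -t tmpfs tmpfs ${COW} && \
-mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
-mount -t proc proc ${CHROOT}/proc && \
-mount --bind /dev ${CHROOT}/dev || \
-error "`gettext \"Failed to setup chroot.\"`"
-# Workaround for todo/buggy_aufs_vs_unsafe-browser
-chmod -t ${COW}
-}
 set_chroot_browser_name () {
 NAME="${1}"
 LOCALE="${2}"
@@ -367,7 +331,9 @@ if ! i2p_router_console_is_ready; then
 verify_start
 fi
 show_start_notification
-setup_chroot
+echo "* Setting up chroot"
+setup_browser_chroot ${CHROOT} ${COW} || \
+error "`gettext \"Failed to setup chroot.\"`"
 configure_chroot
 run_browser_in_chroot
 show_shutdown_notification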
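Review bot: `${CHROOT}` and `${COW}` are passed unquoted at the new call site, so a value containing whitespace or glob characters would be split or expanded before `setup_browser_chroot` assigns `${1}` and `${2}`; both variables are defined outside the hunk, so whether that can occur is not visible here. Prefer `setup_browser_chroot "${CHROOT}" "${COW}" || \` followed by `error "$(gettext "Failed to setup chroot.")"`, which also drops the backtick form with escaped quotes. The identical second hunk in unsafe-browser has the same two points.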
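--- a/config/chroot_local-includes/usr/local/sbin/unsafe-browser
+++ b/config/chroot_local-includes/usr/local/sbin/unsafe-browser
@@ -71,42 +71,6 @@ show_start_notification () {
 tails-notify-user "${title}" "${body}" 10000
 }
-setup_chroot () {
-# Setup a chroot on an aufs "fork" of the filesystem.
-# FIXME: When LXC matures to the point where it becomes a viable option
-# for creating isolated jails, the chroot can be used as its rootfs.
-echo "* Setting up chroot"
-trap cleanup INT
-trap cleanup EXIT
-local rootfs_dir
-local rootfs_dirs_path=/lib/live/mount/rootfs
-local tails_module_path=/lib/live/mount/medium/live/Tails.module
-local aufs_dirs=
-# We have to pay attention to the order we stack the filesystems;
-# newest must be first, and remember that the .module file lists
-# oldest first, newest last.
-while read rootfs_dir; do
-rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
-mountpoint -q "${rootfs_dir}" && \
-aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
-done < "${tails_module_path}"
-# But our copy-on-write dir must be at the very top.
-aufs_dirs="${COW}=rw:${aufs_dirs}"
-mkdir -p ${COW} ${CHROOT} && \
-mount -t tmpfs tmpfs ${COW} && \
-mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
-mount -t proc proc ${CHROOT}/proc && \
-mount --bind /dev ${CHROOT}/dev || \
-error "`gettext \"Failed to setup chroot.\"`"
-# Workaround for todo/buggy_aufs_vs_unsafe-browser
-chmod -t ${COW}
-}
 set_chroot_browser_name () {
 NAME="${1}"
 LOCALE="${2}"
@@ -269,7 +233,9 @@ fi
 verify_start
 show_start_notification
-setup_chroot
+echo "* Setting up chroot"
+setup_browser_chroot ${CHROOT} ${COW} || \
+error "`gettext \"Failed to setup chroot.\"`"
 configure_chroot
 run_browser_in_chroot
 show_shutdown_notification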