Commit eb9d3d4c authored by Tails developers's avatar Tails developers

Refactor chroot browsers' setup_chroot().

parent c60450c6
......@@ -28,3 +28,39 @@ try_cleanup_browser_chroot () {
done
rmdir ${cow} ${chroot} 2>/dev/null
}
# Setup a chroot on a clean aufs "fork" of the root filesystem.
setup_browser_chroot () {
local chroot="${1}"
local cow="${2}"
# FIXME: When LXC matures to the point where it becomes a viable option
# for creating isolated jails, the chroot can be used as its rootfs.
trap cleanup INT
trap cleanup EXIT
local rootfs_dir
local rootfs_dirs_path=/lib/live/mount/rootfs
local tails_module_path=/lib/live/mount/medium/live/Tails.module
local aufs_dirs=
# We have to pay attention to the order we stack the filesystems;
# newest must be first, and remember that the .module file lists
# oldest first, newest last.
while read rootfs_dir; do
rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
mountpoint -q "${rootfs_dir}" && \
aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
done < "${tails_module_path}"
# But our copy-on-write dir must be at the very top.
aufs_dirs="${cow}=rw:${aufs_dirs}"
mkdir -p ${cow} ${chroot} && \
mount -t tmpfs tmpfs ${cow} && \
mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${chroot} && \
mount -t proc proc ${chroot}/proc && \
mount --bind /dev ${chroot}/dev
# Workaround for #6110
chmod -t ${cow}
}
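Review bot: setup_browser_chroot() returns the status of its last command, the trailing `chmod -t ${cow}`, rather than that of the `mkdir`/`mount` chain, so a failed mount is no longer reported; the removed setup_chroot() had `|| error` attached directly to the chain, while the new callers only test the function's exit status. Once `${cow}` has been created the chmod will normally succeed, so both call sites (`setup_browser_chroot ${CHROOT} ${COW} || error ...` in the two browser scripts) would carry on to configure_chroot and run_browser_in_chroot with a partially mounted chroot. If the scripts rely on `set -e`, that would not help here, because errexit is ignored inside a function invoked on the left of `||`. Ending the chain with `mount --bind /dev ${chroot}/dev || return 1` makes the chmod workaround run only after a successful setup and lets the callers' error path fire.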
......@@ -71,42 +71,6 @@ show_start_notification () {
tails-notify-user "${title}" "${body}" 10000
}
setup_chroot () {
# Setup a chroot on an aufs "fork" of the filesystem.
# FIXME: When LXC matures to the point where it becomes a viable option
# for creating isolated jails, the chroot can be used as its rootfs.
echo "* Setting up chroot"
trap cleanup INT
trap cleanup EXIT
local rootfs_dir
local rootfs_dirs_path=/lib/live/mount/rootfs
local tails_module_path=/lib/live/mount/medium/live/Tails.module
local aufs_dirs=
# We have to pay attention to the order we stack the filesystems;
# newest must be first, and remember that the .module file lists
# oldest first, newest last.
while read rootfs_dir; do
rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
mountpoint -q "${rootfs_dir}" && \
aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
done < "${tails_module_path}"
# But our copy-on-write dir must be at the very top.
aufs_dirs="${COW}=rw:${aufs_dirs}"
mkdir -p ${COW} ${CHROOT} && \
mount -t tmpfs tmpfs ${COW} && \
mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
mount -t proc proc ${CHROOT}/proc && \
mount --bind /dev ${CHROOT}/dev || \
error "`gettext \"Failed to setup chroot.\"`"
# Workaround for todo/buggy_aufs_vs_unsafe-browser
chmod -t ${COW}
}
set_chroot_browser_name () {
NAME="${1}"
LOCALE="${2}"
......@@ -367,7 +331,9 @@ if ! i2p_router_console_is_ready; then
verify_start
fi
show_start_notification
setup_chroot
echo "* Setting up chroot"
setup_browser_chroot ${CHROOT} ${COW} || \
error "`gettext \"Failed to setup chroot.\"`"
configure_chroot
run_browser_in_chroot
show_shutdown_notification
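Review bot: The new call `setup_browser_chroot ${CHROOT} ${COW}` passes both paths unquoted, so an empty or whitespace-containing value would shift or split the positional arguments that the function reads as `${1}` and `${2}`. Quoting keeps the two arguments intact: `setup_browser_chroot "${CHROOT}" "${COW}" || \`. The identical line is added to the other browser script's start-up sequence further down the page. Where CHROOT and COW are assigned lies outside the hunk, so this is a robustness point rather than a demonstrated failure.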
......
......@@ -71,42 +71,6 @@ show_start_notification () {
tails-notify-user "${title}" "${body}" 10000
}
setup_chroot () {
# Setup a chroot on an aufs "fork" of the filesystem.
# FIXME: When LXC matures to the point where it becomes a viable option
# for creating isolated jails, the chroot can be used as its rootfs.
echo "* Setting up chroot"
trap cleanup INT
trap cleanup EXIT
local rootfs_dir
local rootfs_dirs_path=/lib/live/mount/rootfs
local tails_module_path=/lib/live/mount/medium/live/Tails.module
local aufs_dirs=
# We have to pay attention to the order we stack the filesystems;
# newest must be first, and remember that the .module file lists
# oldest first, newest last.
while read rootfs_dir; do
rootfs_dir="${rootfs_dirs_path}/${rootfs_dir}"
mountpoint -q "${rootfs_dir}" && \
aufs_dirs="${rootfs_dir}=rr+wh:${aufs_dirs}"
done < "${tails_module_path}"
# But our copy-on-write dir must be at the very top.
aufs_dirs="${COW}=rw:${aufs_dirs}"
mkdir -p ${COW} ${CHROOT} && \
mount -t tmpfs tmpfs ${COW} && \
mount -t aufs -o "noatime,noxino,dirs=${aufs_dirs}" aufs ${CHROOT} && \
mount -t proc proc ${CHROOT}/proc && \
mount --bind /dev ${CHROOT}/dev || \
error "`gettext \"Failed to setup chroot.\"`"
# Workaround for todo/buggy_aufs_vs_unsafe-browser
chmod -t ${COW}
}
set_chroot_browser_name () {
NAME="${1}"
LOCALE="${2}"
......@@ -269,7 +233,9 @@ fi
verify_start
show_start_notification
setup_chroot
echo "* Setting up chroot"
setup_browser_chroot ${CHROOT} ${COW} || \
error "`gettext \"Failed to setup chroot.\"`"
configure_chroot
run_browser_in_chroot
show_shutdown_notification
......