Skip to content

common: ensure /run is mounted with --make-private #52

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Foxboron merged 1 commit into from
Mar 26, 2023
Merged

common: ensure /run is mounted with --make-private #52

Foxboron merged 1 commit into from
Mar 26, 2023

Conversation

@Foxboron
Copy link
Member

@Foxboron Foxboron commented Mar 26, 2023

udev doesn't work in the chroot which prevents some tools like lsblk to retrieve the UUID of devices. This can be a bit problematic so instead of having /run mounted as a tmpfs, do a bind-mound from the rootfs and include --make-private.

This is similar to the previous implemention.

Fixes https://github.com/archlinux/arch-install-scripts/issues/24

@Foxboron
common: ensure /run is mounted with --make-private
0feec4a 
udev doesn't work in the chroot which prevents some tools like lsblk to
retrieve the UUID of devices. This can be a bit problematic so instead
of having /run mounted as a tmpfs, do a bind-mound from the rootfs and
include `--make-private`.

This is similar to the previous implemention.

Fixes https://github.com/archlinux/arch-install-scripts/issues/24
Fixes #26
@Foxboron Foxboron force-pushed the morten/run-make-private branch from 9b63fb4 to 0feec4a Compare March 26, 2023 18:04
@Foxboron Foxboron mentioned this pull request Mar 26, 2023
Closed
@Foxboron Foxboron merged commit 0feec4a into master Mar 26, 2023
@tomty89
Copy link
Contributor

tomty89 commented Sep 21, 2023

I'd say ideally if we have to move away from new tmpfs / read-only bind mount, then we should resort to overlayfs. This introduces the regression that the ownership of some directories under /run/ might be changed to numeric IDs that refer to a different user/group.

It's indeed much less of a problem for the live iso use case but sometimes we do want to pacstrap from our daily environment/system, and we don't want to having to fix ownership or reboot afterwards.

Btw I am not sure what's --make-private is supposed to do here. Isn't it the default anyway? (And it does not remediate the problem I just mentioned.)

@jelly jelly deleted the morten/run-make-private branch September 21, 2023 07:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@YHNdnzj YHNdnzj YHNdnzj approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Foxboron @tomty89 @YHNdnzj