napcok/calamares
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[initramfs] Configure mkinitramfs to be safe

Browse Source 
SEE #1191
This commit is contained in:
Adriaan de Groot 2019-07-05 11:43:40 +02:00
parent b697461497
commit 43eb664e7d
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/modules/initramfs/InitramfsJob.cpp
View File

@ -44,6 +44,17 @@ InitramfsJob::exec()
CalamaresUtils::UMask m( CalamaresUtils::UMask::Safe ); CalamaresUtils::UMask m( CalamaresUtils::UMask::Safe );
cDebug() << "Updating initramfs with kernel" << m_kernel; cDebug() << "Updating initramfs with kernel" << m_kernel;
// First make sure we generate a safe initramfs with suitable permissions.
static const char confFile[] = "/etc/initramfs-tools/conf.d/calamares-safe-initramfs.conf";
static const char contents[] = "UMASK=0077\n";
if ( CalamaresUtils::System::instance()->createTargetFile( confFile, QByteArray( contents ) ).isEmpty() )
{
cWarning() << Logger::SubEntry << "Could not configure safe UMASK for initramfs.";
// But continue anyway.
}
// And then do the ACTUAL work.
auto r = CalamaresUtils::System::instance()->targetEnvCommand( auto r = CalamaresUtils::System::instance()->targetEnvCommand(
{ "update-initramfs", "-k", m_kernel, "-c", "-t" }, QString(), QString(), 0 ); { "update-initramfs", "-k", m_kernel, "-c", "-t" }, QString(), QString(), 0 );
return r.explainProcess( "update-initramfs", 10 ); return r.explainProcess( "update-initramfs", 10 );