[pve-devel] [RFC proxmox-ve/kernel-meta 00/15] ESP sync improvements

Thu Jul 11 10:30:29 CEST 2019

On Wed, Jul 10, 2019 at 09:04:39PM +0200, Thomas Lamprecht wrote:
> On 7/10/19 6:12 PM, Thomas Lamprecht wrote:
> > On 7/10/19 5:04 PM, Fabian Grünbichler wrote:
> >> - mktemp or something fancier for mountpoint directory creation, instead
> >>   of easy-to-guess hardcoded ones
> > 
> > We could just use a mount namespace, e.g., with
> > # unshare --mount
> > 
> > Then the outside would not see our mounts, at least unpriv. users..
> 
> E.g., something like the following:

yes, that looks like it should work and DTRT ;)

I'll send a patch based on it that also integrates it into
zz-pve-efiboot.

> 
> ----8<----
> diff --git a/bin/pveesptool b/bin/pveesptool
> index 6bbf679..e4b3928 100755
> --- a/bin/pveesptool
> +++ b/bin/pveesptool
> @@ -92,6 +92,28 @@ format() {
>         exit 0
>  }
>  
> +do_esp_install() {
> +       part="$1"
> +       UUID="$2"
> +
> +       esp_mp="/var/tmp/espmounts/$UUID"
> +
> +       mkdir -p "$esp_mp"
> +       echo "Mounting '$part' on '$esp_mp'."
> +       mount -t vfat "$part" "$esp_mp"
> +
> +       echo "Installing systemd-boot.."
> +       mkdir -p "$esp_mp/$PMX_ESP_DIR"
> +       bootctl --path "$esp_mp" install
> +
> +       echo "Configuring systemd-boot.."
> +       echo "timeout 3" > "$esp_mp/$PMX_LOADER_CONF.tmp"
> +       echo "default proxmox-*" >> "$esp_mp/$PMX_LOADER_CONF.tmp"
> +       mv "$esp_mp/$PMX_LOADER_CONF.tmp" "$esp_mp/$PMX_LOADER_CONF"
> +       echo "Unmounting '$part'."
> +       umount "$part"
> +}
> +
>  init() {
>         part="$1"
>  
> @@ -112,22 +134,8 @@ init() {
>                 exit 1
>         fi
>  
> -       esp_mp="/var/tmp/espmounts/$UUID"
> -
> -       mkdir -p "$esp_mp"
> -       echo "Mounting '$part' on '$esp_mp'."
> -       mount -t vfat "$part" "$esp_mp"
> -
> -       echo "Installing systemd-boot.."
> -       mkdir -p "$esp_mp/$PMX_ESP_DIR"
> -       bootctl --path "$esp_mp" install
> -
> -       echo "Configuring systemd-boot.."
> -       echo "timeout 3" > "$esp_mp/$PMX_LOADER_CONF.tmp"
> -       echo "default proxmox-*" >> "$esp_mp/$PMX_LOADER_CONF.tmp"
> -       mv "$esp_mp/$PMX_LOADER_CONF.tmp" "$esp_mp/$PMX_LOADER_CONF"
> -       echo "Unmounting '$part'."
> -       umount "$part"
> +       echo "Do real ESP initialization in mount namespace.."
> +       unshare --mount --propagation private "$0" "do-esp-install" "$part" "$UUID"
>  
>         echo "Adding '$part' to list of synced ESPs.."
>         if [ -e "$ESP_LIST" ]; then
> @@ -199,6 +207,16 @@ case "$1" in
>                 init "$@"
>                 exit 0
>         ;;
> +       'do-esp-install')
> +               shift
> +               if [ -z "$1" ] || [ -z "$2" ]; then
> +                       warn "E: <partition> and <uuid> are mandatory."
> +                       warn ""
> +                       exit 1
> +               fi
> +               do_esp_install "$@"
> +               exit 0
> +       ;;
>         'refresh')
>                 shift
>                 refresh
> --
> 