From cfb0e459ea758c1851819f95fffcccc16125669b Mon Sep 17 00:00:00 2001 From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?= Date: Thu, 11 Jul 2019 11:22:50 +0200 Subject: [PATCH] zz-pve-efiboot: re-exec in mount namespace MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit to avoid affecting the running system negatively, e.g. because the target paths for mounting the ESPs have been modified via symlinks or similar attacks. Signed-off-by: Fabian Grünbichler --- efiboot/zz-pve-efiboot | 2 ++ 1 file changed, 2 insertions(+) diff --git a/efiboot/zz-pve-efiboot b/efiboot/zz-pve-efiboot index 954dbec..32dfe99 100755 --- a/efiboot/zz-pve-efiboot +++ b/efiboot/zz-pve-efiboot @@ -151,10 +151,12 @@ case $0:$mode in # Also run if we have no DEB_MAINT_PARAMS, in order to work with old # kernel packages. */postinst.d/*:|*/postinst.d/*:configure) + reexec_in_mountns "$@" BOOT_KVERS="$(boot_kernel_list "$@")" update_esps ;; */postrm.d/*:|*/postrm.d/*:remove) + reexec_in_mountns "$@" # no newly installed kernel BOOT_KVERS="$(boot_kernel_list)" update_esps -- 2.39.2
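
Review bot: Both new `reexec_in_mountns "$@"` calls, in the `*/postinst.d/*` and `*/postrm.d/*` branches, go in without a comment, and the helper itself is not part of this diff (the diffstat shows only these 2 insertions), so a reader of the hook cannot tell that the call has to remain the first statement in each branch, ahead of `boot_kernel_list` and `update_esps`. Suggest a one-line comment at each call site stating that the script re-executes itself in a mount namespace so that the ESP mounts done by `update_esps` do not affect the running system, as the commit message explains. Since the helper is not visible here, please also confirm that it recognises when it is already running inside the new namespace; a re-exec that passes `"$@"` back into the same branch would otherwise reach this call again.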