install: Only switch to loopback after re-exec
I noticed we were leaking a loopback device, and the reason is
the "re-exec self for selinux" dance.

We should really try to move that re-exec way earlier because
it's a big hazard for stuff like this right now.

This is a simple fix though that just moves the switch to
allocating the loopback device until after we've done the install
prep (including that re-exec).

Signed-off-by: Colin Walters <[email protected]>
cgwalters committed Jan 24, 2024
1 parent 6f71353 commit c7fecf3
Showing 1 changed file with 15 additions and 7 deletions.
22 changes: 15 additions & 7 deletions lib/src/install.rs
Expand Up @@ -1088,17 +1088,13 @@ pub(crate) async fn install_to_disk(opts: InstallToDiskOpts) -> Result<()> {
.device
.metadata()
.with_context(|| format!("Querying {}", &block_opts.device))?;
let mut loopback = None;
if opts.via_loopback {
if !target_blockdev_meta.file_type().is_file() {
anyhow::bail!(
"Not a regular file (to be used via loopback): {}",
block_opts.device
);
}
let loopback_dev = crate::blockdev::LoopbackDevice::new(block_opts.device.as_std_path())?;
block_opts.device = loopback_dev.path().into();
loopback = Some(loopback_dev);
} else {
if !target_blockdev_meta.file_type().is_block_device() {
anyhow::bail!("Not a block device: {}", block_opts.device);
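Review bot: the `if opts.via_loopback` branch is left doing only the `is_file()` validation, with nothing to say that the attach is deliberately deferred until after `prepare_install`. A one-line comment here stating that `LoopbackDevice::new` must not run before the re-exec would stop a later refactor from moving it back up and reintroducing the leak. Note also that the path is validated here but only opened for loopback after `prepare_install` returns, so the check and the use are now separated by the whole prep step; if that matters for the target file, re-checking at attach time is cheap.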
Expand All @@ -1107,10 +1103,22 @@ pub(crate) async fn install_to_disk(opts: InstallToDiskOpts) -> Result<()> {
let state = prepare_install(opts.config_opts, opts.source_opts, opts.target_opts).await?;

// This is all blocking stuff
let mut rootfs = {
let (mut rootfs, loopback) = {
let loopback_dev = if opts.via_loopback {
let loopback_dev =
crate::blockdev::LoopbackDevice::new(block_opts.device.as_std_path())?;
block_opts.device = loopback_dev.path().into();
Some(loopback_dev)
} else {
None
};

let state = state.clone();
tokio::task::spawn_blocking(move || baseline::install_create_rootfs(&state, block_opts))
.await??
let rootfs = tokio::task::spawn_blocking(move || {
baseline::install_create_rootfs(&state, block_opts)
})
.await??;
(rootfs, loopback_dev)
};

install_to_filesystem_impl(&state, &mut rootfs).await?;
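Review bot: in the new block, `loopback_dev` is attached before `spawn_blocking(...).await??`, and the `??` returns early on failure without `loopback_dev` ever reaching the `(rootfs, loopback_dev)` tuple. Whether the device is detached on that path depends on `LoopbackDevice` having a `Drop` implementation, which is not visible in this diff; since the commit is about a leaked loopback device, it is worth confirming that or adding explicit cleanup on the error path. Separately, the block sits under the `// This is all blocking stuff` comment, yet `LoopbackDevice::new` is called outside the `spawn_blocking` closure; consider moving the attach inside the closure or adjusting the comment.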