diff options
author | Roger Leigh <rleigh@debian.org> | 2010-06-06 23:08:50 +0100 |
---|---|---|
committer | Roger Leigh <rleigh@debian.org> | 2010-06-06 23:24:28 +0100 |
commit | db67bb1b9194f6738a27cd4a9fd7f831fbaf9bff (patch) | |
tree | e956b8727a939b5fc3d751b1cb5e110f6b3bbc46 /etc | |
parent | 57b62724e40ef993739ba87c338583efd14cd629 (diff) | |
download | schroot-db67bb1b9194f6738a27cd4a9fd7f831fbaf9bff.tar.gz |
20nssdatabases: Check database inodes inside and outside the chroot
If the NSS database files inside and outside the chroot have the
same device and inode number, we risk blanking the file when
piping the output of getent. stat both and check prior to
writing.
Diffstat (limited to 'etc')
-rwxr-xr-x | etc/setup.d/20nssdatabases | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/etc/setup.d/20nssdatabases b/etc/setup.d/20nssdatabases index a9573747..09641803 100755 --- a/etc/setup.d/20nssdatabases +++ b/etc/setup.d/20nssdatabases @@ -49,6 +49,19 @@ if [ $1 = "setup-start" ] || [ $1 = "setup-recover" ]; then if echo "$db" | egrep -q '^(#|$)' ; then continue fi + + # Device and inode + da=$(/usr/bin/stat --format="%d %i" "/etc/$db") + db=$(/usr/bin/stat --format="%d %i" "${CHROOT_PATH}/etc/$db") + + # If the database inside and outside the chroot is the + # same, it's very likely that dup_nss would blank the + # database, so skip it. + if [ "$da" = "$db" ]; then + echo "$db files '/etc/$db' and '${CHROOT_PATH}/etc/$db' are the same file; skipping" + continue; + fi + dup_nss "$db" "${CHROOT_PATH}/etc/$db" done < "$NSSDATABASES" else |