[Piuparts-commits] [piuparts] 10/10: p: canonicalize mountpoint to avoid mounting outside the chroot

[Holger Levsen]

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to branch develop
in repository piuparts.

commit 2828e2e14c1e76d2d22ddbe7112181b9681974e9
Author: Andreas Beckmann <anbe at debian.org>
Date:   Mon Feb 15 23:43:30 2016 +0100

    p: canonicalize mountpoint to avoid mounting outside the chroot
    
    absolute symlinks like /dev/shm -> /run/shm can be problematic
    
    Signed-off-by: Andreas Beckmann <anbe at debian.org>
---
 debian/changelog | 2 ++
 piuparts.py      | 1 +
 2 files changed, 3 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index f8bab4b..d788bdb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ piuparts (0.70) UNRELEASED; urgency=medium
     - Add to ignored_files:
       + /etc/sysctl.d/99-sysctl.conf (dangling symlink to ../sysctl.conf)
       + /var/log/btmp
+    - Canonicalize mountpoint inside the chroot to avoid mounting over
+      symlinks and possibly outside the chroot.
     - --install-remove-install runs 'apt-get install --reinstall $pkg', too.
   * post_distupgrade_base_cleanup: Remove libprocps3 in stretch.
   * pre_remove_40_find_unowned_lib_links: Handle another mpi alternative.
diff --git a/piuparts.py b/piuparts.py
index 2c716f1..b4d1d85 100644
--- a/piuparts.py
+++ b/piuparts.py
@@ -1541,6 +1541,7 @@ class Chroot:
 
     def mount(self, source, path, fstype=None, opts=None):
         """Mount something into the chroot and remember it for unmount_all()."""
+        path = canonicalize_path(self.name, path)
         self.mkdir_p(path)
         fullpath = self.relative(path)
         command = ["mount"]

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/piuparts/piuparts.git