scripts/forensic-mark-readonly: fix parent device handling + their usage via READONLY...
authorMichael Prokop <mika@grml.org>
Fri, 11 Sep 2020 18:14:37 +0000 (20:14 +0200)
committerMichael Prokop <mika@grml.org>
Fri, 11 Sep 2020 20:43:53 +0000 (22:43 +0200)
With commit 31e81f4ab5 the parent device behavior was modified
in an unintended way: /dev/sda1 was set to read-only, even
if the underlying parent device /dev/sda was already set to r/w.
Fixed via proper quoting and invoking readlink on the /sys/...
directory from within the calculation of ${tmp_parent}.

Also support parent devices within the READONLY_IGNORE=... setting
in /etc/grml/forensic.conf, so it's possible to assign
READONLY_IGNORE='/dev/sda' and operate on e.g. /dev/sda1, expecting
to ignore /dev/sda1 as well as /dev/sda then.

This work was funded by Grml-Forensic.
(Internally recorded as release-planning issue #175.)

scripts/forensic-mark-readonly

index 92971e4..705034b 100755 (executable)
@@ -13,7 +13,7 @@ fi
 
 # see linux source -> Documentation/admin-guide/sysfs-rules.rst
 get_blockdev_dir() {
-  for dir in /sys/subsystem/block/ /sys/class/block/ /sys/block/ ; do
+  for dir in /sys/subsystem/block /sys/class/block /sys/block ; do
     [ -d "${dir}" ] && echo "${dir}" && return
   done
 }
@@ -47,6 +47,17 @@ esac
 
 SYS_DIR="$(get_blockdev_dir)"
 
+base_device=$(base "${BLOCK_DEVICE}")
+if [ -n "${SYS_DIR}" ] && [ -n "${base_device}" ] ; then
+  tmp_parent="$(readlink -f "${SYS_DIR}"/*/"${base_device}")"
+  if [ -d "${tmp_parent}" ] ; then
+    parent_device=$(dir "${tmp_parent}")
+    parent_device=$(base "${parent_device}")
+    parent_device="/dev/${parent_device}"
+  fi
+  unset tmp_parent
+fi
+
 # support configuration file
 if [ -r /etc/grml/forensic.conf ] ; then
   READONLY_MODE=""
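Review bot: `parent_device` is assigned only inside the inner `if [ -d "${tmp_parent}" ]`, and nothing in the hunk clears it first, so on the no-parent path (whole-disk device, or a glob that matches nothing) the later `[ -n "${parent_device}" ]` test and the `grep -qw "${parent_device}"` call in the ignore-list hunk see whatever value the variable had before — an error under `set -u`, unless it is initialised earlier in the script, which is outside this hunk; adding `parent_device=""` before the `if [ -n "${SYS_DIR}" ]` line makes the fallback explicit. A short comment at the `readlink -f` line would also help, since the unquoted `*` is what makes the glob expand and the symlink resolution is what lets `dir`/`base` (helpers defined outside the hunk) yield the parent name: `# expand the sysfs glob and resolve the symlink so that dir/base below give the parent block device; no match leaves parent_device empty`. Note that if the glob ever matched more than one entry, `readlink -f` would print several lines and the `-d` test would fail silently, so the device would then be treated as having no parent.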
@@ -60,26 +71,17 @@ if [ -r /etc/grml/forensic.conf ] ; then
   fi
 
   if [ -n "${READONLY_IGNORE:-}" ] ; then
-    case ${READONLY_IGNORE:-} in
-      "${BLOCK_DEVICE}")
+    if printf "%s\n" "${READONLY_IGNORE:-}" | grep -qw "${parent_device}" ; then
+      if [ -n "${parent_device:-}" ] ; then
+        logger -t forensic-mark-readonly "not setting '${BLOCK_DEVICE}' (parent device: '${parent_device}') to read-only as present in ignore list"
+      else
         logger -t forensic-mark-readonly "not setting '${BLOCK_DEVICE}' to read-only as present in ignore list"
-        exit 0
-        ;;
-    esac
+      fi
+      exit 0
+    fi
   fi
 fi
 
-base_device=$(base "${BLOCK_DEVICE}")
-if [ -n "${SYS_DIR}" ] && [ -n "${base_device}" ] ; then
-  tmp_parent="${SYS_DIR}/*/${base_device}"
-  if [ -d "${tmp_parent}" ] ; then
-    parent_device=$(dir "${tmp_parent}")
-    parent_device=$(base "${parent_device}")
-    parent_device="/dev/${parent_device}"
-  fi
-  unset tmp_parent
-fi
-
 if is_ro "${BLOCK_DEVICE}" ; then
   logger -t forensic-mark-readonly "device ${BLOCK_DEVICE} already set to read-only mode, nothing to do"
 elif [ -n "${parent_device}" ] && ! is_ro "${parent_device}" ; then
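Review bot: The rewritten ignore check at `grep -qw "${parent_device}"` no longer matches `${BLOCK_DEVICE}` itself, which the removed `case` did, so as far as this hunk shows a partition listed directly (READONLY_IGNORE='/dev/sda1' with BLOCK_DEVICE=/dev/sda1) is no longer skipped — `-w` does not match `/dev/sda` against `/dev/sda1` — and the script goes on to set it read-only. When no parent was found the grep also runs with an empty pattern, which in GNU grep can match lines that start with a non-word character such as `/` (behaviour worth verifying on the target grep version), so an unrelated ignore entry would make the script exit 0 without marking the device; the `[ -n "${parent_device:-}" ]` test below only chooses the log message and does not guard the grep. Matching both names as fixed strings and adding the parent only when it is set covers both cases: `if printf "%s\n" "${READONLY_IGNORE:-}" | grep -qwF -e "${BLOCK_DEVICE}" ${parent_device:+-e "${parent_device}"} ; then`. The `if is_ro` block at the end of the hunk continues past its last line.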