From 451331668643dd76d51d53c8ca44069561f86d1d Mon Sep 17 00:00:00 2001 From: Michael Prokop Date: Fri, 11 Sep 2020 20:14:37 +0200 Subject: [PATCH] scripts/forensic-mark-readonly: fix parent device handling + their usage via READONLY_IGNORE With commit 31e81f4ab5 the parent device behavior was modified in an unintended way: /dev/sda1 was set to read-only, even if the underlying parent device /dev/sda was already set to r/w. Fixed via proper quoting and invoking readlink on the /sys/... directory from within the calculation of ${tmp_parent}. Also support parent devices within the READONLY_IGNORE=... setting in /etc/grml/forensic.conf, so it's possible to assign READONLY_IGNORE='/dev/sda' and operate on e.g. /dev/sda1, expecting to ignore /dev/sda1 as well as /dev/sda then. This work was funded by Grml-Forensic. (Internally recorded as release-planning issue #175.) --- scripts/forensic-mark-readonly | 36 +++++++++++++++++++----------------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/scripts/forensic-mark-readonly b/scripts/forensic-mark-readonly index 92971e4..705034b 100755 --- a/scripts/forensic-mark-readonly +++ b/scripts/forensic-mark-readonly @@ -13,7 +13,7 @@ fi # see linux source -> Documentation/admin-guide/sysfs-rules.rst get_blockdev_dir() { - for dir in /sys/subsystem/block/ /sys/class/block/ /sys/block/ ; do + for dir in /sys/subsystem/block /sys/class/block /sys/block ; do [ -d "${dir}" ] && echo "${dir}" && return done } @@ -47,6 +47,17 @@ esac SYS_DIR="$(get_blockdev_dir)" +base_device=$(base "${BLOCK_DEVICE}") +if [ -n "${SYS_DIR}" ] && [ -n "${base_device}" ] ; then + tmp_parent="$(readlink -f "${SYS_DIR}"/*/"${base_device}")" + if [ -d "${tmp_parent}" ] ; then + parent_device=$(dir "${tmp_parent}") + parent_device=$(base "${parent_device}") + parent_device="/dev/${parent_device}" + fi + unset tmp_parent +fi + # support configuration file if [ -r /etc/grml/forensic.conf ] ; then READONLY_MODE="" 
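Review bot: `parent_device` is assigned only inside the `[ -d "${tmp_parent}" ]` branch of the added block, so for a device with no parent (presumably any whole disk, where the `"${SYS_DIR}"/*/"${base_device}"` glob matches nothing) it stays unset or keeps whatever value the calling environment exported. Later lines in this diff expand `${parent_device}` without a default, so I would add `parent_device=""` just before `base_device=$(base "${BLOCK_DEVICE}")`. A short comment on the glob would also help the next reader, e.g. `# a partition is expected at <blockdev dir>/<disk>/<partition>; resolve it and take the enclosing directory as the parent disk`. The `base` and `dir` helpers are defined outside this hunk, so their behaviour on an empty argument is not visible here.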
@@ -60,26 +71,17 @@ if [ -r /etc/grml/forensic.conf ] ; then fi if [ -n "${READONLY_IGNORE:-}" ] ; then - case ${READONLY_IGNORE:-} in - "${BLOCK_DEVICE}") + if printf "%s\n" "${READONLY_IGNORE:-}" | grep -qw "${parent_device}" ; then + if [ -n "${parent_device:-}" ] ; then + logger -t forensic-mark-readonly "not setting '${BLOCK_DEVICE}' (parent device: '${parent_device}') to read-only as present in ignore list" + else logger -t forensic-mark-readonly "not setting '${BLOCK_DEVICE}' to read-only as present in ignore list" - exit 0 - ;; - esac + fi + exit 0 + fi fi fi -base_device=$(base "${BLOCK_DEVICE}") -if [ -n "${SYS_DIR}" ] && [ -n "${base_device}" ] ; then - tmp_parent="${SYS_DIR}/*/${base_device}" - if [ -d "${tmp_parent}" ] ; then - parent_device=$(dir "${tmp_parent}") - parent_device=$(base "${parent_device}") - parent_device="/dev/${parent_device}" - fi - unset tmp_parent -fi - if is_ro "${BLOCK_DEVICE}" ; then logger -t forensic-mark-readonly "device ${BLOCK_DEVICE} already set to read-only mode, nothing to do" elif [ -n "${parent_device}" ] && ! is_ro "${parent_device}" ; then -- 2.1.4
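Review bot: The new ignore check greps `READONLY_IGNORE` only for `${parent_device}` and no longer for `${BLOCK_DEVICE}`, which the removed `case` matched. For a partition listed explicitly (say `READONLY_IGNORE='/dev/sda1'`, a constructed example) the pattern becomes `/dev/sda`, which `-w` will not match inside `/dev/sda1`, so the entry is silently not honoured. For a device without a parent the pattern is empty, and an empty pattern can match any line depending on the grep implementation, which would skip write protection for every such device as soon as the ignore list is non-empty. Both directions matter in a tool whose job is evidence write-blocking. I would test `${BLOCK_DEVICE}` and a non-empty `${parent_device}` separately, using `grep -qwF --` so device names are not read as regular expressions, as sketched below.

```sh
  if [ -n "${READONLY_IGNORE:-}" ] ; then
    ignore_match=""
    for candidate in "${BLOCK_DEVICE}" "${parent_device:-}" ; do
      # skip the empty parent of a whole-disk device: an empty pattern must never count as a match
      [ -n "${candidate}" ] || continue
      if printf "%s\n" "${READONLY_IGNORE}" | grep -qwF -- "${candidate}" ; then
        ignore_match="${candidate}"
        break
      fi
    done
    if [ -n "${ignore_match}" ] ; then
      logger -t forensic-mark-readonly "not setting '${BLOCK_DEVICE}' to read-only as '${ignore_match}' is present in ignore list"
      exit 0
    fi
  fi
```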