From owner-svn-src-head@freebsd.org Mon May 23 15:11:02 2016 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 4E87BB47965; Mon, 23 May 2016 15:11:02 +0000 (UTC) (envelope-from allanjude@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1F81111C9; Mon, 23 May 2016 15:11:02 +0000 (UTC) (envelope-from allanjude@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id u4NFB1kI068765; Mon, 23 May 2016 15:11:01 GMT (envelope-from allanjude@FreeBSD.org) Received: (from allanjude@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id u4NFB1l9068764; Mon, 23 May 2016 15:11:01 GMT (envelope-from allanjude@FreeBSD.org) Message-Id: <201605231511.u4NFB1l9068764@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: allanjude set sender to allanjude@FreeBSD.org using -f From: Allan Jude Date: Mon, 23 May 2016 15:11:01 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r300509 - head/usr.sbin/bsdinstall/scripts X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 May 2016 15:11:02 -0000 Author: allanjude Date: Mon May 23 15:11:01 2016 New Revision: 300509 URL: https://svnweb.freebsd.org/changeset/base/300509 Log: Fix error in bsdinstall where additional filesystems cannot be mounted Do not set canmount=noauto on the boot environment at create time, because this causes / to not be mounted, and since the chroot is read only, new mountpoints cannot be created. The property is set later, when other properties are adjusted Reported by: HardenedBSD Sponsored by: ScaleEngine Inc. Modified: head/usr.sbin/bsdinstall/scripts/zfsboot Modified: head/usr.sbin/bsdinstall/scripts/zfsboot ============================================================================== --- head/usr.sbin/bsdinstall/scripts/zfsboot Mon May 23 13:59:48 2016 (r300508) +++ head/usr.sbin/bsdinstall/scripts/zfsboot Mon May 23 15:11:01 2016 (r300509) @@ -143,7 +143,7 @@ f_isset ZFSBOOT_DATASETS || ZFSBOOT_DATA # Boot Environment [BE] root and default boot dataset /$ZFSBOOT_BEROOT_NAME mountpoint=none - /$ZFSBOOT_BEROOT_NAME/$ZFSBOOT_BOOTFS_NAME mountpoint=/,canmount=noauto + /$ZFSBOOT_BEROOT_NAME/$ZFSBOOT_BOOTFS_NAME mountpoint=/ # Compress /tmp, allow exec but not setuid /tmp mountpoint=/tmp,exec=on,setuid=off @@ -1310,6 +1310,10 @@ zfs_create_boot() "mountpoint=/$zroot_name" "$zroot_name" || return $FAILURE + f_dprintf "$funcname: Set canmount=noauto for the root of the pool..." + f_eval_catch $funcname zfs "$ZFS_SET" "canmount=noauto" \ + "$ZFSBOOT_BEROOT_NAME/$ZFSBOOT_BOOTFS_NAME" + # Touch up permissions on the tmp directories f_dprintf "$funcname: Modifying directory permissions..." local dir