From: Antonio Alvarez Feijoo <antonio.feijoo@suse.com>
Date: Wed, 23 Nov 2022 13:22:21 +0000 (+0100)
Subject: fix(fips): do not blindly remove /boot
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1fabbb6412b70bdd1aac5279b90b9a23a267ffc5;p=thirdparty%2Fdracut.git

fix(fips): do not blindly remove /boot

The `mount_boot` method called from fips-noboot.sh in the pre-pivot hook blindly
executes `rm -rf /boot` if there is no `boot=` command line parameter, without
first checking that /boot is not already mounted by other means.
---

diff --git a/modules.d/01fips/fips.sh b/modules.d/01fips/fips.sh
index e0caf36d6..e49ff670b 100755
--- a/modules.d/01fips/fips.sh
+++ b/modules.d/01fips/fips.sh
@@ -47,7 +47,7 @@ mount_boot() {
         mkdir -p /boot
         fips_info "Mounting $boot as /boot"
         mount -oro "$boot" /boot || return 1
-    elif [ -d "$NEWROOT/boot" ]; then
+    elif ! ismounted /boot && [ -d "$NEWROOT/boot" ]; then
         # shellcheck disable=SC2114
         rm -fr -- /boot
         ln -sf "$NEWROOT/boot" /boot