Don't resolve libraries lazily if tmpdir is mounted with 'noexec'

If the temporary directory for images is mounted with 'noexec', dracut
would construct unbootable images because most dynamic libraries
aren't installed. Avoid this by not resolving library dependencies
lazily if the temporary directory is mounted with 'noexec'.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>

diff --git a/dracut.sh b/dracut.sh
index 908d344812f40c3425d38a0cbcbd27af6e15fbfd..3219dd86a5d09c1025f7aaff911c34c287d88042 100755 (executable)
--- a/dracut.sh
+++ b/dracut.sh
@@ -945,6 +945,12 @@ readonly TMPDIR="$(realpath -e "$tmpdir")"
     printf "%s\n" "dracut: Invalid tmpdir '$tmpdir'." >&2
     exit 1
 }
+
+if findmnt --raw -n --target "$tmpdir" --output=options | grep -q noexec; then
+    [[ $debug == yes ]] && printf "%s\n" "dracut: Tmpdir '$tmpdir' is mounted with 'noexec'."
+    noexec=1
+fi
+
 readonly DRACUT_TMPDIR="$(mktemp -p "$TMPDIR/" -d -t dracut.XXXXXX)"
 [ -d "$DRACUT_TMPDIR" ] || {
     printf "%s\n" "dracut: mktemp -p '$TMPDIR/' -d -t dracut.XXXXXX failed." >&2
@@ -969,7 +975,7 @@ if [[ $early_microcode = yes ]] || ( [[ $acpi_override = yes ]] && [[ -d $acpi_t
     mkdir "$early_cpio_dir"
 fi
 
-[[ -n "$dracutsysrootdir" ]] || export DRACUT_RESOLVE_LAZY="1"
+[[ -n "$dracutsysrootdir" || "$noexec" ]] || export DRACUT_RESOLVE_LAZY="1"
 
 if [[ $print_cmdline ]]; then
     stdloglvl=0