From: Stuart Cardall <developer@it-offshore.co.uk>
Date: Sun, 25 Feb 2018 11:50:13 +0000 (+0000)
Subject: fix download template for /tmp as tmpfs or noexec
X-Git-Tag: lxc-2.0.10~200
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1f3ae603f69227434fcb29f89c9b0d1d5ee71b1e;p=thirdparty%2Flxc.git

fix download template for /tmp as tmpfs or noexec

* prepend $LXC_PATH to $DOWNLOAD_TEMP on systems with /tmp mounted
  securely as a small tmpfs / noexec

* gpg_setup() creates $DOWNLOAD_TEMP so remove superflous mkdir

* fixes https://github.com/lxc/lxc/issues/516

Signed-off-by: Stuart Cardall <developer@it-offshore.co.uk>
---

diff --git a/templates/lxc-download.in b/templates/lxc-download.in
index 2cffa9dc1..f1ac4e20f 100644
--- a/templates/lxc-download.in
+++ b/templates/lxc-download.in
@@ -46,6 +46,7 @@ DOWNLOAD_URL=
 DOWNLOAD_USE_CACHE="false"
 DOWNLOAD_VALIDATE="true"
 DOWNLOAD_VARIANT="default"
+DOWNLOAD_TEMP=
 
 LXC_MAPPED_GID=
 LXC_MAPPED_UID=
@@ -311,11 +312,15 @@ fi
 # Trap all exit signals
 trap cleanup EXIT HUP INT TERM
 
+# /tmp may be mounted in tmpfs or noexec
+if mountpoint -q /tmp; then
+    DOWNLOAD_TEMP="${LXC_PATH}"
+fi
+
 if ! command -V mktemp >/dev/null 2>&1; then
-    DOWNLOAD_TEMP=/tmp/lxc-download.$$
-    mkdir -p "${DOWNLOAD_TEMP}"
+    DOWNLOAD_TEMP="${DOWNLOAD_TEMP}/tmp/lxc-download.$$"
 else
-    DOWNLOAD_TEMP=$(mktemp -d)
+    DOWNLOAD_TEMP="${DOWNLOAD_TEMP}$(mktemp -d)"
 fi
 
 # Simply list images