Hi,
While working on the automated test suite I wrote a scenario testing
that Debian bug #645466 is fixed. When running said scenario for Tails
0.17 (with the changes necessary for the test suite applied) it turns
out it's not, so...
Re-opened ticket:
https://tails.boum.org/bugs/writable_system_disk:_belongs_to_floppy_group/
New commits in bugfix/writable_boot_media:
ae530a1 New fix for bugs/writable_system_disk:_belongs_to_floppy_group
05c8cf6 Add a shell library for determining stuff about the boot device.
I revived the previous bugfix branch for this and implemented a fix
which uses a udev rule to get closer to the root of the problem compared
to the previous fix, which happened at live-config time. Obviously the
old fix only worked if udev starts before live-config, and I suspect
something has changed w.r.t. that.
The end result of the new fix is that the boot device (e.g. /dev/sda)
and all its children (i.e. boot/system partition (e.g. /dev/sda1,
"Tails") and any persistent partition (e.g. /dev/sda2, "TailsData")) get
group ownership 'disk' instead of Debian's default of 'floppy'. That's
different compared to the old fix, which only changes the ownership like
that for the boot device and boot/system partition (e.g. /dev/sda and
/dev/sda1). I half expected this difference to create permission issues
for tails-persistence-setup, and that we got, but seemingly for other
reasons...
With the new fix, tails-persistence-setup exits due to a permission
error at an inappropriate time, resulting in an unbootable Tails (at
least after creating a new persistent partition). After both creation
and deletion I get this output:
    created /org/freedesktop/UDisks/devices/dm_2d0.
    Problem opening /dev/sda for reading! Error is 13.
    You must run this program as root or use sudo!
    "/sbin/sgdisk" unexpectedly returned exit value 2 at (eval 347)
    line 13 at /usr/share/perl5/Tails/Persistence/Setup.pm line 935
The error occurs in the function fix_system_partition_attribues(), so
I'm not surprised that it makes Tails unbootable. For the record,
modifying the new udev rules to set group ownership to 'floppy' instead
of 'disk' and restarting the udev service makes this t-p-s issue go
away. In fact, writing rules that make it so that only the boot device
(/dev/sda) is owned by 'floppy' but that its children are owned by 'disk'
is enough.
As I alluded to above, I was expecting this new fix to introduce issues
with the *persistent partition* but it's created without issue and can
be unlocked + mounted etc. In fact, according to my tests, the call to
`sgdisk` on the boot device (/dev/sda) is the only thing that has
permission issues because it is owned by 'disk' instead of 'floppy' (I
guess the rest is udisks magic). This worries me as the old fix should
have set the same group ownership for the boot device (remember, only
the persistent partition's ownership differs between the old and new
fix). Did the old fix never work? Or am I missing something?
Anyway, the focus should be on getting the new fix to work. As I'm
overcommitted with other obligations I won't have time to look into the
exact workings of t-p-s vs udisks/sgdisk permissions vs group privileges
etc. very soon to learn what exactly is going on. Please, maintainer of
t-p-s, could you have a look? I hope the above clues make it clear enough.
Note: The same approach used by the udev rule added in this branch could
make it so that only the TailsData partition *on the boot device* is
hidden in 99-hide-TailsData.rules if that's what we want. Ticket
todo/hide_only_current_running_TailsData has been updated accordingly.
Cheers!
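
A check for the end state described in this message (the boot device and all its partitions owned by group 'disk' rather than 'floppy'), as an added example that is not part of the original message or the Tails code base. The function name `audit_block_groups`, the record format and the sample records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Tails code base): audit the group ownership of a
# disk's device nodes against the group the udev rule is meant to set.

# audit_block_groups EXPECTED_GROUP
# Reads "path group octal-mode" records on stdin, the format printed by
#   stat -c '%n %G %a' /dev/sda /dev/sda1 /dev/sda2
# Prints one line per node whose group is not EXPECTED_GROUP and returns 1 if
# any such node was seen, 0 otherwise.
audit_block_groups() {
    expected=$1
    mismatches=0
    while read -r path group mode; do
        [ -n "$path" ] || continue              # skip blank lines
        [ "$group" = "$expected" ] && continue  # node already has the wanted group
        # The second-to-last octal digit holds the group permission bits.
        gbits=$(( (0$mode / 8) % 8 ))
        if [ $(( gbits & 2 )) -ne 0 ]; then
            access="group-writable"
        else
            access="not group-writable"
        fi
        printf '%s: group=%s mode=%s (%s, expected group %s)\n' \
            "$path" "$group" "$mode" "$access" "$expected"
        mismatches=$(( mismatches + 1 ))
    done
    [ "$mismatches" -eq 0 ]
}

# Constructed sample records (not captured from a real system): a boot device
# and system partition still in 'floppy', a persistent partition in 'disk'.
sample_records() {
    cat <<'EOF'
/dev/sda floppy 660
/dev/sda1 floppy 660
/dev/sda2 disk 660
EOF
}

sample_records | audit_block_groups disk \
    || echo "audit: device nodes outside group 'disk' found"
```

On a running system the records would come from `stat -c '%n %G %a'` on the boot device and its partitions, piped into `audit_block_groups disk`.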