Re: [Tails-dev] Please review'n'merge bugfix/safer-persisten…

Author: Alan
Date:
To: tails-dev
Subject: Re: [Tails-dev] Please review'n'merge bugfix/safer-persistence (0.22 iteration)
Hi,

On Wed, 20 Nov 2013 20:15:52 +0100 intrigeri <intrigeri@???> wrote:
> Hi,
>
> Tails 0.21 was the first step to make the persistence feature more
> secure. Tails 0.22 is planned to clean things up and complete the
> design:

[...]
>
> This is implemented in bugfix/safer-persistence (end-user and design
> doc update included).
>

Congrats on your work.

> Please review'n'merge in time for 0.22. Any taker?
>

I've started the review.

Code review passes.

One test fails (see below) and that's a blocker. I believe there is also
room for other UX improvements (see comments) but would merge it without
them.

I tested:

1. enabling persistence from 0.20.1 with a custom line. After an
upgrade to experimental:

- I get a notification that settings were disabled
- there are no mounts
- but there is still a live-persistence.conf owned by
amnesia:amnesia which is not renamed to .disabled.
I guess it's expected (as the mountpoint access rights are wrong) but
the documentation I'm pointed to from the notification is not really
clear I think. It might be better to write bolder that one should
first try to upgrade to 0.21. That also means we should leave 0.21
downloadable on mirrors for a while.

2. enabling persistence from 0.20.1, upgrade to 0.21, add a
live-additional-software.conf as root, upgrade to experimental.

Persistence works but live-additional software is disabled, and an
empty file is created: OK

*But* if I don't delete the .insecure_disabled file, on next boot I
still get the warning notification, even though additional software is
actually configured. That's a bit confusing. (I don't think this is a
blocker, but it should be fixed at least for the next release).

3. setting manually wrong permissions

* wrong ACL on the persistent folder: OK

* wrong permission on persistence.conf: FAILS

Persistent folders are mounted even though they are reported as
unsafe.

1) # chmod go+rw persistence.conf
2) reboot
3) The warning notification shows up
4) $ mount

[...]
/live/persistence/TailsData_unlocked/Persistent on /home/amnesia/Persistent type none (rw,bind)
/live/persistence/TailsData_unlocked/apt/cache on /var/cache/apt/archives type none (rw,bind)
/live/persistence/TailsData_unlocked/apt/lists on /var/lib/apt/lists type none (rw,bind)

5) # cat /var/log/live-persist
+ shift
+ grep -qe '^--[^ ]\+\>'
+ echo activate
+ local action=activate
+ shift
+ case "${action}" in
+ echo /dev/mapper/TailsData_unlocked
+ case "${action}" in
+ grep -qe '[^[:space:]]'
+ case "${action}" in
+ activate_volumes /dev/mapper/TailsData_unlocked
+ local volumes=/dev/mapper/TailsData_unlocked
+ local ret=0
+ local open_volumes=
+ local successes=
+ local failures=
+ exec
+ for vol in '${volumes}'
+ '[' '!' -b /dev/mapper/TailsData_unlocked ']'
++ what_is_mounted_on
++ local dir
+++ trim_path
+++ echo
+++ sed 's|//\+|/|g'
+++ sed 's|^\(.*[^/]\)/$|\1|'
++ dir=
++ grep -m1 '^[^ ]\+  ' /proc/mounts
++ cut '-d ' -f1
+ '[' -n '' ']'
+ local luks_vol=
+ /sbin/cryptsetup isLuks /dev/mapper/TailsData_unlocked
+ open_volumes=' /dev/mapper/TailsData_unlocked'
++ mktemp /tmp/custom_mounts-XXXXXX.list
+ custom_mounts=/tmp/custom_mounts-zhAXTX.list
+
get_custom_mounts /tmp/custom_mounts-zhAXTX.list /dev/mapper/TailsData_unlocked
+ local custom_mounts devices bindings links
+ custom_mounts=/tmp/custom_mounts-zhAXTX.list
+ shift
+ devices=/dev/mapper/TailsData_unlocked
+ bindings=/tmp/bindings.list
+ links=/tmp/links.list
+ rm -rf /tmp/bindings.list /tmp/links.list
+ for device in '${devices}'
+ '[' '!' -b /dev/mapper/TailsData_unlocked ']'
+ local device_name backing include_list
++ basename /dev/mapper/TailsData_unlocked
+ device_name=TailsData_unlocked
++ mount_persistence_media /dev/mapper/TailsData_unlocked
++ local device probe backing old_backing fstype mount_opts
++ device=/dev/mapper/TailsData_unlocked
++ probe=
+++ basename /dev/mapper/TailsData_unlocked
++ backing=/live/persistence/TailsData_unlocked
++ mkdir -p /live/persistence/TailsData_unlocked
+++ where_is_mounted /dev/mapper/TailsData_unlocked
+++ device=/dev/mapper/TailsData_unlocked
+++ grep -m1 '^/dev/mapper/TailsData_unlocked ' /proc/mounts
+++ cut -f2 -d ' '
++ old_backing=
++ '[' -z '' ']'
+++ get_fstype /dev/mapper/TailsData_unlocked
+++ /sbin/blkid -s TYPE -o value /dev/mapper/TailsData_unlocked
++ fstype=ext4
++ mount_opts=rw,noatime
++ '[' -n '' ']'
++ mount -t ext4 -o
rw,noatime /dev/mapper/TailsData_unlocked /live/persistence/TailsData_unlocked
++ echo /live/persistence/TailsData_unlocked ++ return 0
+ backing=/live/persistence/TailsData_unlocked
+ '[' -z /live/persistence/TailsData_unlocked ']'
+ '[' -r /live/persistence/TailsData_unlocked/persistence.conf ']'
+ include_list=/live/persistence/TailsData_unlocked/persistence.conf
+ '[' -n '' ']'
+ read dir options
+ echo /home/amnesia/Persistent
+ grep -qe '^[[:space:]]*\(#.*\)\?$'
+ trim_path /home/amnesia/Persistent
+ grep -q -e '^[^/]' -e '^/lib' -e '^/lib/live\(/.*\)\?$' -e
'^/\(.*/\)\?\.\.\?\(/.*\)\?$'
+ sed 's|//\+|/|g'
+ sed 's|^\(.*[^/]\)/$|\1|'
+ echo /home/amnesia/Persistent
+ local opt_source opt_link source full_source full_dest
+ opt_source=
+ opt_link=
++ echo source=Persistent
++ tr , ' '
+ for opt in '$(echo ${options} | tr '\'','\'' '\'' '\'')'
+ case "${opt}" in
+ opt_source=Persistent
+ source=/home/amnesia/Persistent
+ '[' -n Persistent ']'
+ grep -q -e '^/' -e '^\(.*/\)\?\.\.\?\(/.*\)\?$'
+ echo Persistent
+ source=Persistent
++ trim_path /live/persistence/TailsData_unlocked/Persistent
++ echo /live/persistence/TailsData_unlocked/Persistent
++ sed 's|^\(.*[^/]\)/$|\1|'
++ sed 's|//\+|/|g'
+ full_source=/live/persistence/TailsData_unlocked/Persistent
++ trim_path //home/amnesia/Persistent
++ echo //home/amnesia/Persistent
++ sed 's|^\(.*[^/]\)/$|\1|'
++ sed 's|//\+|/|g'
+ full_dest=/home/amnesia/Persistent
+ '[' -n '' ']'
+ echo
'/dev/mapper/TailsData_unlocked /live/persistence/TailsData_unlocked/Persistent /home/amnesia/Persistent
source=Persistent'
+ read dir options
+ echo /var/cache/apt/archives
+ grep -qe '^[[:space:]]*\(#.*\)\?$'
+ trim_path /var/cache/apt/archives
+ grep -q -e '^[^/]' -e '^/lib' -e '^/lib/live\(/.*\)\?$' -e
'^/\(.*/\)\?\.\.\?\(/.*\)\?$'
+ sed 's|//\+|/|g'
+ sed 's|^\(.*[^/]\)/$|\1|'
+ echo /var/cache/apt/archives
+ local opt_source opt_link source full_source full_dest
+ opt_source=
+ opt_link=
++ echo source=apt/cache
++ tr , ' '
+ for opt in '$(echo ${options} | tr '\'','\'' '\'' '\'')'
+ case "${opt}" in
+ opt_source=apt/cache
+ source=/var/cache/apt/archives
+ '[' -n apt/cache ']'
+ echo apt/cache
+ grep -q -e '^/' -e '^\(.*/\)\?\.\.\?\(/.*\)\?$'
+ source=apt/cache
++ trim_path /live/persistence/TailsData_unlocked/apt/cache
++ echo /live/persistence/TailsData_unlocked/apt/cache
++ sed 's|^\(.*[^/]\)/$|\1|'
++ sed 's|//\+|/|g'
+ full_source=/live/persistence/TailsData_unlocked/apt/cache
++ trim_path //var/cache/apt/archives
++ echo //var/cache/apt/archives
++ sed 's|^\(.*[^/]\)/$|\1|'
++ sed 's|//\+|/|g'
+ full_dest=/var/cache/apt/archives
+ '[' -n '' ']'
+ echo
'/dev/mapper/TailsData_unlocked /live/persistence/TailsData_unlocked/apt/cache /var/cache/apt/archives
source=apt/cache'
+ read dir options
+ echo /var/lib/apt/lists
+ grep -qe '^[[:space:]]*\(#.*\)\?$'
+ trim_path /var/lib/apt/lists
+ grep -q -e '^[^/]' -e '^/lib' -e '^/lib/live\(/.*\)\?$' -e
'^/\(.*/\)\?\.\.\?\(/.*\)\?$'
+ sed 's|^\(.*[^/]\)/$|\1|'
+ sed 's|//\+|/|g'
+ echo /var/lib/apt/lists
+ local opt_source opt_link source full_source full_dest
+ opt_source=
+ opt_link=
++ echo source=apt/lists
++ tr , ' '
+ for opt in '$(echo ${options} | tr '\'','\'' '\'' '\'')'
+ case "${opt}" in
+ opt_source=apt/lists
+ source=/var/lib/apt/lists
+ '[' -n apt/lists ']'
+ echo apt/lists
+ grep -q -e '^/' -e '^\(.*/\)\?\.\.\?\(/.*\)\?$'
+ source=apt/lists
++ trim_path /live/persistence/TailsData_unlocked/apt/lists
++ echo /live/persistence/TailsData_unlocked/apt/lists
++ sed 's|//\+|/|g'
++ sed 's|^\(.*[^/]\)/$|\1|'
+ full_source=/live/persistence/TailsData_unlocked/apt/lists
++ trim_path //var/lib/apt/lists
++ echo //var/lib/apt/lists
++ sed 's|^\(.*[^/]\)/$|\1|'
++ sed 's|//\+|/|g'
+ full_dest=/var/lib/apt/lists
+ '[' -n '' ']'
+ echo
'/dev/mapper/TailsData_unlocked /live/persistence/TailsData_unlocked/apt/lists /var/lib/apt/lists
source=apt/lists'
+ read dir options
+ '[' -e /tmp/bindings.list ']'
+ sort -k3 -sbu /tmp/bindings.list
+ rm /tmp/bindings.list
+ '[' -e /tmp/links.list ']'
+ local prev_source prev_dest
+ prev_source='impossible source'
+ prev_dest=
+ sort -k2 -b /tmp/custom_mounts-zhAXTX.list
+ read device source dest options
+ echo /live/persistence/TailsData_unlocked/Persistent
+ grep -qe '^impossible source\(/.*\)\?$'
+ prev_source=/live/persistence/TailsData_unlocked/Persistent
+ prev_dest=/home/amnesia/Persistent
+ read device source dest options
+ echo /live/persistence/TailsData_unlocked/apt/cache
+ grep -qe '^/live/persistence/TailsData_unlocked/Persistent\(/.*\)\?$'
+ prev_source=/live/persistence/TailsData_unlocked/apt/cache
+ prev_dest=/var/cache/apt/archives
+ read device source dest options
+ echo /live/persistence/TailsData_unlocked/apt/lists
+ grep -qe '^/live/persistence/TailsData_unlocked/apt/cache\(/.*\)\?$'
+ prev_source=/live/persistence/TailsData_unlocked/apt/lists
+ prev_dest=/var/lib/apt/lists
+ read device source dest options
++ ls -d /live/persistence/TailsData_unlocked
+ for mountpoint in '$(ls -d /live/persistence/*_unlocked || true)'
+ mount -o remount,acl /live/persistence/TailsData_unlocked
+ ACCESS_RIGHTS_ARE_CORRECT=true
++ ls -d /live/persistence/TailsData_unlocked
+ for mountpoint in '$(ls -d /live/persistence/*_unlocked || true)'
+
mountpoint_has_correct_access_rights /live/persistence/TailsData_unlocked
+ local mountpoint=/live/persistence/TailsData_unlocked
+ local expected_user=root
+ local expected_group=root
+ local expected_perms=775
+ local 'expected_acl=user::rwx
user:tails-persistence-setup:rwx
group::rwx
mask::rwx
other::r-x'
++ stat -c %U /live/persistence/TailsData_unlocked
+ '[' root '!=' root ']'
++ stat -c %G /live/persistence/TailsData_unlocked
+ '[' root '!=' root ']'
++ stat -c %a /live/persistence/TailsData_unlocked
+ '[' 775 '!=' 775 ']'
++ getfacl --omit-header
--skip-base /live/persistence/TailsData_unlocked ++ grep -v '^\s*$'
+ '[' 'user::rwx
user:tails-persistence-setup:rwx
group::rwx
mask::rwx
other::r-x' '!=' 'user::rwx
user:tails-persistence-setup:rwx
group::rwx
mask::rwx
other::r-x' ']'
+ return 0
+ '[' true '!=' true ']'
++
ls /live/persistence/TailsData_unlocked/persistence.conf /live/persistence/TailsData_unlocked/live-additional-software.conf
+ for f in '$(ls /live/persistence/*_unlocked/persistence.conf
                  /live/persistence/*_unlocked/live-additional-software.conf

|| true)'

+
persistence_conf_file_has_correct_access_rights /live/persistence/TailsData_unlocked/live-additional-software.conf
+ local
conf=/live/persistence/TailsData_unlocked/live-additional-software.conf
+ local expected_user=tails-persistence-setup
+ local expected_group=tails-persistence-setup
+ local expected_perms=600
+ local expected_acl=
++ stat -c
%U /live/persistence/TailsData_unlocked/live-additional-software.conf
+ '[' tails-persistence-setup '!=' tails-persistence-setup ']'
++ stat -c
%G /live/persistence/TailsData_unlocked/live-additional-software.conf
+ '[' tails-persistence-setup '!=' tails-persistence-setup ']'
++ stat -c
%a /live/persistence/TailsData_unlocked/live-additional-software.conf
+ '[' 600 '!=' 600 ']'
++ getfacl --omit-header
--skip-base /live/persistence/TailsData_unlocked/live-additional-software.conf
++ grep -v '^\s*$'
+ '[' '' '!=' '' ']'
+ return 0
+ for f in '$(ls /live/persistence/*_unlocked/persistence.conf
                  /live/persistence/*_unlocked/live-additional-software.conf

|| true)'

+
persistence_conf_file_has_correct_access_rights /live/persistence/TailsData_unlocked/persistence.conf
+ local conf=/live/persistence/TailsData_unlocked/persistence.conf
+ local expected_user=tails-persistence-setup
+ local expected_group=tails-persistence-setup
+ local expected_perms=600
+ local expected_acl=
++ stat -c %U /live/persistence/TailsData_unlocked/persistence.conf
+ '[' tails-persistence-setup '!=' tails-persistence-setup ']'
++ stat -c %G /live/persistence/TailsData_unlocked/persistence.conf
+ '[' tails-persistence-setup '!=' tails-persistence-setup ']'
++ stat -c %a /live/persistence/TailsData_unlocked/persistence.conf
+ '[' 666 '!=' 600 ']'
+ warning
''\''/live/persistence/TailsData_unlocked/persistence.conf'\''
permissions are not 600'
+ echo 'warning:
'\''/live/persistence/TailsData_unlocked/persistence.conf'\''
permissions are not 600'
+ return 4
+ warning 'Disabling
'\''/live/persistence/TailsData_unlocked/persistence.conf'\'', that has
unsafe access rights'
+ echo 'warning: Disabling
'\''/live/persistence/TailsData_unlocked/persistence.conf'\'', that has
unsafe access rights'
+
disable_and_create_empty_persistence_conf_file /live/persistence/TailsData_unlocked/persistence.conf
+ local conf=/live/persistence/TailsData_unlocked/persistence.conf
+
mv /live/persistence/TailsData_unlocked/persistence.conf /live/persistence/TailsData_unlocked/persistence.conf.insecure_disabled
+ install --owner tails-persistence-setup --group
tails-persistence-setup --mode
0600 /dev/null /live/persistence/TailsData_unlocked/persistence.conf
+
get_custom_mounts /tmp/custom_mounts-zhAXTX.list /dev/mapper/TailsData_unlocked
+ local custom_mounts devices bindings links
+ custom_mounts=/tmp/custom_mounts-zhAXTX.list
+ shift
+ devices=/dev/mapper/TailsData_unlocked
+ bindings=/tmp/bindings.list
+ links=/tmp/links.list
+ rm -rf /tmp/bindings.list /tmp/links.list
+ for device in '${devices}'
+ '[' '!' -b /dev/mapper/TailsData_unlocked ']'
+ local device_name backing include_list
++ basename /dev/mapper/TailsData_unlocked
+ device_name=TailsData_unlocked
++ mount_persistence_media /dev/mapper/TailsData_unlocked
++ local device probe backing old_backing fstype mount_opts
++ device=/dev/mapper/TailsData_unlocked
++ probe=
+++ basename /dev/mapper/TailsData_unlocked
++ backing=/live/persistence/TailsData_unlocked
++ mkdir -p /live/persistence/TailsData_unlocked
+++ where_is_mounted /dev/mapper/TailsData_unlocked
+++ device=/dev/mapper/TailsData_unlocked
+++ cut -f2 -d ' '
+++ grep -m1 '^/dev/mapper/TailsData_unlocked ' /proc/mounts
++ old_backing=/live/persistence/TailsData_unlocked
++ '[' -z /live/persistence/TailsData_unlocked ']'
++ '[' /live/persistence/TailsData_unlocked
'!=' /live/persistence/TailsData_unlocked ']' ++
echo /live/persistence/TailsData_unlocked ++ return 0
+ backing=/live/persistence/TailsData_unlocked
+ '[' -z /live/persistence/TailsData_unlocked ']'
+ '[' -r /live/persistence/TailsData_unlocked/persistence.conf ']'
+ include_list=/live/persistence/TailsData_unlocked/persistence.conf
+ '[' -n '' ']'
+ read dir options
+ '[' -e /tmp/bindings.list ']'
+ '[' -e /tmp/links.list ']'
+ local prev_source prev_dest
+ prev_source='impossible source'
+ prev_dest=
+ sort -k2 -b /tmp/custom_mounts-zhAXTX.list
+ read device source dest options
+ echo /live/persistence/TailsData_unlocked/Persistent
+ grep -qe '^impossible source\(/.*\)\?$'
+ prev_source=/live/persistence/TailsData_unlocked/Persistent
+ prev_dest=/home/amnesia/Persistent
+ read device source dest options
+ echo /live/persistence/TailsData_unlocked/apt/cache
+ grep -qe '^/live/persistence/TailsData_unlocked/Persistent\(/.*\)\?$'
+ prev_source=/live/persistence/TailsData_unlocked/apt/cache
+ prev_dest=/var/cache/apt/archives
+ read device source dest options
+ echo /live/persistence/TailsData_unlocked/apt/lists
+ grep -qe '^/live/persistence/TailsData_unlocked/apt/cache\(/.*\)\?$'
+ prev_source=/live/persistence/TailsData_unlocked/apt/lists
+ prev_dest=/var/lib/apt/lists
+ read device source dest options
+ '[' -s /tmp/custom_mounts-zhAXTX.list ']'
+ activate_custom_mounts /tmp/custom_mounts-zhAXTX.list
+ local custom_mounts used_devices
+ custom_mounts=/tmp/custom_mounts-zhAXTX.list
+ used_devices=
+ read device source dest options
+ local opt_bind opt_link opt_union
+ opt_bind=true
+ opt_link=
+ opt_union=
++ echo source=Persistent
++ tr , ' '
+ for opt in '$(echo ${options} | tr '\'','\'' '\'' '\'')'
+ case "${opt}" in
++ what_is_mounted_on /home/amnesia/Persistent
++ local dir
+++ trim_path /home/amnesia/Persistent
+++ echo /home/amnesia/Persistent
+++ sed 's|//\+|/|g'
+++ sed 's|^\(.*[^/]\)/$|\1|'
++ dir=/home/amnesia/Persistent
++ grep -m1 '^[^ ]\+ /home/amnesia/Persistent ' /proc/mounts
++ cut '-d ' -f1
+ case "${opt}" in
+ '[' -n '' ']'
+ '[' '!' -d /home/amnesia/Persistent ']'
+ path=/
++ sed -e 's|/\+| |g'
++ echo /home/amnesia/Persistent
+ for dir in '$(echo ${dest} | sed -e '\''s|/\+| |g'\'')'
++ trim_path //home
++ echo //home
++ sed 's|^\(.*[^/]\)/$|\1|'
++ sed 's|//\+|/|g'
+ path=/home
+ '[' -f /home ']'
+ '[' '!' -e /home ']'
+ for dir in '$(echo ${dest} | sed -e '\''s|/\+| |g'\'')'
++ trim_path /home/amnesia
++ echo /home/amnesia
++ sed 's|^\(.*[^/]\)/$|\1|'
++ sed 's|//\+|/|g'
+ path=/home/amnesia
+ '[' -f /home/amnesia ']'
+ '[' '!' -e /home/amnesia ']'
+ for dir in '$(echo ${dest} | sed -e '\''s|/\+| |g'\'')'
++ trim_path /home/amnesia/Persistent
++ echo /home/amnesia/Persistent
++ sed 's|^\(.*[^/]\)/$|\1|'
++ sed 's|//\+|/|g'
+ path=/home/amnesia/Persistent
+ '[' -f /home/amnesia/Persistent ']'
+ '[' '!' -e /home/amnesia/Persistent ']'
+ mkdir -p /home/amnesia/Persistent
+ echo /home/amnesia/Persistent
+ grep -qe '^/*home/[^/]\+'
+ chown 1000:1000 /home/amnesia/Persistent
+ '[' '!' -d /live/persistence/TailsData_unlocked/Persistent ']'
+ local rootfs_dest_backing
+ rootfs_dest_backing=
+ '[' -n ']'
+ for d in '/live/rootfs/*'
+ '[' -n '' ']'
+ fs='/live/rootfs/*//home/amnesia/Persistent'
+ '[' -d '/live/rootfs/*//home/amnesia/Persistent' ']'
+ local cow_dir links_source
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n true ']'
+ '[' -z '' ']'
+ mount
--bind /live/persistence/TailsData_unlocked/Persistent /home/amnesia/Persistent
+ PERSISTENCE_IS_ON=1
+ export PERSISTENCE_IS_ON
+ echo
+ grep -qve '^\(.* \)\?/dev/mapper/TailsData_unlocked\( .*\)\?$'
+ used_devices=' /dev/mapper/TailsData_unlocked'
+ read device source dest options
+ local opt_bind opt_link opt_union
+ opt_bind=true
+ opt_link=
+ opt_union=
++ echo source=apt/cache
++ tr , ' '
+ for opt in '$(echo ${options} | tr '\'','\'' '\'' '\'')'
+ case "${opt}" in
++ what_is_mounted_on /var/cache/apt/archives
++ local dir
+++ trim_path /var/cache/apt/archives
+++ echo /var/cache/apt/archives
+++ sed 's|^\(.*[^/]\)/$|\1|'
+++ sed 's|//\+|/|g'
++ dir=/var/cache/apt/archives
++ grep -m1 '^[^ ]\+ /var/cache/apt/archives ' /proc/mounts
++ cut '-d ' -f1
+ case "${opt}" in
+ '[' -n '' ']'
+ '[' '!' -d /var/cache/apt/archives ']'
+ '[' '!' -d /live/persistence/TailsData_unlocked/apt/cache ']'
+ local rootfs_dest_backing
+ rootfs_dest_backing=
+ '[' -n ']'
+ for d in '/live/rootfs/*'
+ '[' -n '' ']'
+ fs='/live/rootfs/*//var/cache/apt/archives'
+ '[' -d '/live/rootfs/*//var/cache/apt/archives' ']'
+ local cow_dir links_source
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n true ']'
+ '[' -z '' ']'
+ mount
--bind /live/persistence/TailsData_unlocked/apt/cache /var/cache/apt/archives
+ PERSISTENCE_IS_ON=1
+ export PERSISTENCE_IS_ON
+ echo /dev/mapper/TailsData_unlocked
+ grep -qve '^\(.* \)\?/dev/mapper/TailsData_unlocked\( .*\)\?$'
+ read device source dest options
+ local opt_bind opt_link opt_union
+ opt_bind=true
+ opt_link=
+ opt_union=
++ echo source=apt/lists
++ tr , ' '
+ for opt in '$(echo ${options} | tr '\'','\'' '\'' '\'')'
+ case "${opt}" in
++ what_is_mounted_on /var/lib/apt/lists
++ local dir
+++ trim_path /var/lib/apt/lists
+++ echo /var/lib/apt/lists
+++ sed 's|//\+|/|g'
+++ sed 's|^\(.*[^/]\)/$|\1|'
++ dir=/var/lib/apt/lists
++ grep -m1 '^[^ ]\+ /var/lib/apt/lists ' /proc/mounts
++ cut '-d ' -f1
+ case "${opt}" in
+ '[' -n '' ']'
+ '[' '!' -d /var/lib/apt/lists ']'
+ '[' '!' -d /live/persistence/TailsData_unlocked/apt/lists ']'
+ local rootfs_dest_backing
+ rootfs_dest_backing=
+ '[' -n ']'
+ for d in '/live/rootfs/*'
+ '[' -n '' ']'
+ fs='/live/rootfs/*//var/lib/apt/lists'
+ '[' -d '/live/rootfs/*//var/lib/apt/lists' ']'
+ local cow_dir links_source
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n '' ']'
+ '[' -n true ']'
+ '[' -z '' ']'
+ mount
--bind /live/persistence/TailsData_unlocked/apt/lists /var/lib/apt/lists
+ PERSISTENCE_IS_ON=1
+ export PERSISTENCE_IS_ON
+ echo /dev/mapper/TailsData_unlocked
+ grep -qve '^\(.* \)\?/dev/mapper/TailsData_unlocked\( .*\)\?$'
+ read device source dest options
+ echo /dev/mapper/TailsData_unlocked
+ fix_gconf_dirs
+ for home in '/home/*'
+ '[' '!' -e /home/amnesia/.gconf ']'
++ stat -c %u:%g /home/amnesia
+ local ownership=1000:1000
+ find /home/amnesia/.gconf -type d
+ IFS=
+ read -r dir
+ local conf=/home/amnesia/.gconf/%gconf.xml
+ '[' '!' -e /home/amnesia/.gconf/%gconf.xml ']'
+ touch /home/amnesia/.gconf/%gconf.xml
+ chown 1000:1000 /home/amnesia/.gconf/%gconf.xml
+ IFS=
+ read -r dir
+ local conf=/home/amnesia/.gconf/apps/%gconf.xml
+ '[' '!' -e /home/amnesia/.gconf/apps/%gconf.xml ']'
+ IFS=
+ read -r dir
+ local conf=/home/amnesia/.gconf/apps/gnome-power-manager/%gconf.xml
+ '[' '!' -e /home/amnesia/.gconf/apps/gnome-power-manager/%gconf.xml
']'
+ IFS=
+ read -r dir
+ local
conf=/home/amnesia/.gconf/apps/gnome-power-manager/general/%gconf.xml
+ '[' '!'
-e /home/amnesia/.gconf/apps/gnome-power-manager/general/%gconf.xml ']'
+ IFS=
+ read -r dir
+ local conf=/home/amnesia/.gconf/apps/panel/%gconf.xml
+ '[' '!' -e /home/amnesia/.gconf/apps/panel/%gconf.xml ']'
+ IFS=
+ read -r dir
+ local conf=/home/amnesia/.gconf/apps/panel/global/%gconf.xml
+ '[' '!' -e /home/amnesia/.gconf/apps/panel/global/%gconf.xml ']'
+ IFS=
+ read -r dir
+ for home in '/home/*'
+ '[' '!' -e /home/clearnet/.gconf ']'
+ continue
+ for home in '/home/*'
+ '[' '!' -e /home/vidalia/.gconf ']'
+ continue
+ rm -f /tmp/custom_mounts-zhAXTX.list
+ for vol in '${open_volumes}'
+ grep -qe '^/dev/mapper/TailsData_unlocked\>' /proc/mounts
+ successes=' /dev/mapper/TailsData_unlocked'
+ '[' -n ' /dev/mapper/TailsData_unlocked' ']'
+ echo Successes:
+ for vol in '${successes}'
+ echo ' - /dev/mapper/TailsData_unlocked'
+ '[' -n '' ']'
+ exit 0
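
Added example, not part of the message above and not Tails code: in the trace, the list read after persistence.conf was disabled (/tmp/custom_mounts-zhAXTX.list) still held the three entries computed before the check, so they were bind-mounted anyway. The script below validates the file first and rebuilds the list from scratch, so a rejected file contributes no mounts. All function names are hypothetical, GNU stat is assumed, and the current user stands in for tails-persistence-setup so it runs without root.

```shell
#!/bin/sh
# Added example, not Tails code. Assumptions: GNU stat; the current user stands
# in for tails-persistence-setup; all function names are hypothetical.

EXPECTED_UID="${EXPECTED_UID:-$(id -u)}"
EXPECTED_GID="${EXPECTED_GID:-$(id -g)}"
EXPECTED_PERMS=600

# Return 0 only for a regular, non-symlink file with the expected owner,
# group and mode. Return code 4 for a mode mismatch mirrors the trace; the
# other codes are constructed.
conf_has_correct_access_rights() {
    conf="$1"
    if [ ! -f "$conf" ] || [ -L "$conf" ]; then return 1; fi
    [ "$(stat -c %u "$conf")" = "$EXPECTED_UID" ] || return 2
    [ "$(stat -c %g "$conf")" = "$EXPECTED_GID" ] || return 3
    [ "$(stat -c %a "$conf")" = "$EXPECTED_PERMS" ] || return 4
    return 0
}

# Write "<dir> <options>" lines from conf to list. The list is truncated
# first, so entries from an earlier pass cannot survive.
build_mount_list() {
    conf="$1"; list="$2"
    : > "$list"
    while read -r dir options; do
        case "$dir" in ''|'#'*) continue ;; esac
        printf '%s %s\n' "$dir" "$options" >> "$list"
    done < "$conf"
}

# Validate first, then build. A rejected file is renamed and replaced by an
# empty 0600 file, as in the trace. Prints the number of planned mounts.
plan_mounts() {
    conf="$1"; list="$2"
    if ! conf_has_correct_access_rights "$conf"; then
        echo "warning: disabling '$conf', unsafe access rights" >&2
        if [ -e "$conf" ] || [ -L "$conf" ]; then
            mv "$conf" "$conf.insecure_disabled"
        fi
        install -m 0600 /dev/null "$conf"
    fi
    build_mount_list "$conf" "$list"
    wc -l < "$list" | tr -d ' '
}

# Constructed input: one boot with a safe file, one after chmod go+rw.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '/home/amnesia/Persistent source=Persistent' \
        '/var/cache/apt/archives source=apt/cache' > "$d/persistence.conf"
    chmod 600 "$d/persistence.conf"
    first=$(plan_mounts "$d/persistence.conf" "$d/mounts.list")
    chmod go+rw "$d/persistence.conf"
    second=$(plan_mounts "$d/persistence.conf" "$d/mounts.list" 2>/dev/null)
    rm -rf "$d"
    echo "$first $second"
}

demo
```

The two numbers printed are the planned mount counts before and after the permissions were loosened; the same list path is reused on purpose to show that stale entries do not carry over.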