[vbox-dev] [PATCH] Removed chroot comment in redhat_postinstall.sh

Valdis Kl=?utf-8?Q?=c4=93?=tnieks valdis.kletnieks at vt.edu
Mon Jul 20 04:30:15 GMT 2020

On Sun, 19 Jul 2020 02:48:22 -0500, Timothy Tacker said:

> All Kickstart files for Red Hat distributions in the UnattendedTemplates
> directory run the redhat_postinstall.sh script with --nochroot in the %post
> section.

> Nonetheless, the redhat_postinstall.sh script includes the following
> comment:
> # Note! This script expects to be running chrooted (inside new sytem).
> The patch below removes this comment. I'm licensing this patch under the
> MIT license. Please review and consider integrating. Feedback is welcome.
> Thanks!

I'd be leery of a patch that simply discards a comment - it obviously *used*
to be important enough to make the note.  Probably what is *actually* needed
here is an analysis of what the code used to do, what it does now, and whether
it should be refactored to make --nochroot the default rather than every single
user having to specify it.

Homework problem for the student - if the script doesn't actually expect to
be in a chroot by default, why are all the calls passing --nochroot? What change
in behavior does that cause? And what can go wrong if somebody doesn't know
it expects to be chrooted?

(Sorry, over the last four decades I've seen entirely too many "let's remove
the comment" patches that ended up sprouting a CVE because somebody didn't
know something important because it wasn't documented...)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://www.virtualbox.org/pipermail/vbox-dev/attachments/20200720/437ecbb8/attachment.sig>

More information about the vbox-dev mailing list