[Bug 1881006] Re: Incorrect ESP mount options
Dimitri John Ledkov
1881006 at bugs.launchpad.net
Wed Mar 3 03:44:07 UTC 2021
** Information type changed from Private Security to Public Security
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubiquity in Ubuntu.
https://bugs.launchpad.net/bugs/1881006
Title:
Incorrect ESP mount options
Status in cloud-images:
New
Status in subiquity:
New
Status in grub2 package in Ubuntu:
New
Status in livecd-rootfs package in Ubuntu:
Fix Released
Status in ubiquity package in Ubuntu:
New
Bug description:
Previously we decided that ESP should be mounted with umask=0077
See
https://git.launchpad.net/ubuntu/+source/partman-
efi/commit/fstab.d/efi?id=b141ba7648e66ae80eb58d26d40dd717cfee1904
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770033
https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
This is also documented in https://wiki.ubuntu.com/FSTAB
However, in GCE instance /boot/efi is not mounted with umask=0077
fstab is:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
And in mount options are:
(rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
fstab should be fixed to specify "umask=0077" instead of "defaults"
for the ESP partition
also zsys setup in ubiquity does weird explicit
umask=0022,fmask=0022,dmask=0022 which are the defaults anyway, not
sure where that got those options from.
systemd, gpt-auto-generator correctly defaults to umask=0077 for ESP
mount
I think subiquity is affected, as it does not set "options:
'umask=0077'" on the /boot/efi mount in the storage specification.
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1881006/+subscriptions
More information about the foundations-bugs
mailing list