Bug 30593 - Thinclient image is writeable after installation/join
Status: CLOSED WORKSFORME
Product: Z_Univention Corporate Client (UCC)
Classification: Unclassified
Component: Client management
unspecified
Other Linux
: P5 normal
: UCC 2.0
Assigned To: Erik Damrose
Moritz Muehlenhoff
: interim-2
Reported: 2013-02-26 14:03 CET by Erik Damrose
Modified: 2014-06-12 09:19 CEST (History)
Description Erik Damrose univentionstaff 2013-02-26 14:03:39 CET
After installing a fresh thinclient image the join takes place, which in turn updates the ucr policies for the computer. The problem is that the image is mounted r/w at this point, so all information gathered by 20univention-directory-policy.inst at this point is stored permanently. 

There is no overlayfs active after the installation:

~# mount
/dev/loop0 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
/dev/sda3 on /ucc_root type ext4 (rw,relatime,user_xattr,barrier=1,data=ordered)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
/dev/sda2 on /boot type ext4 (rw)
none on /tmp/guest-W6gA5B type tmpfs (rw,mode=700)
Comment 1 Moritz Muehlenhoff univentionstaff 2013-12-18 11:18:55 CET
Maybe simply initiate an automatic reboot when joining a thin client.
Comment 2 Erik Damrose univentionstaff 2014-04-30 10:06:10 CEST
This was apparently fixed alongside initramfs improvements during UCC 2.0 development. After the rollout and join, the thinclient image is mounted read-only and with overlayfs enabled.
Comment 3 Erik Damrose univentionstaff 2014-04-30 10:09:47 CEST
I added a note to the UCC 2.0 rollout tests to ensure this is checked again for final release.
Comment 4 Moritz Muehlenhoff univentionstaff 2014-04-30 11:55:59 CEST
Indeed, a current UCC 2.0 thin client uses an active overlayfs after rollout:

root@testtest:~# mount
overlayfs-root on / type overlayfs (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
/dev/sda3 on /ucc_root type ext4 (rw,relatime,data=ordered)
tmpfs-root on /root-rw type tmpfs (rw,relatime)
/dev/loop0 on /root-ro type ext4 (ro,relatime,norecovery)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
none on /sys/fs/pstore type pstore (rw)
/dev/sda2 on /boot type ext4 (rw)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)
Comment 5 Moritz Muehlenhoff univentionstaff 2014-06-12 09:19:34 CEST
UCC 2.0 has been released:
 http://docs.univention.de/release-notes-ucc-2.0.html

If this error occurs again, please use "Clone This Bug".
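
Added example, not part of the original report or of the UCC rollout tests: a shell check that tells the two `mount` listings in this report apart, so the "image mounted rw without overlayfs" state can be caught automatically. The function name and verdict strings are assumptions of this example; the sample lines are excerpted from the listings above.

```shell
#!/bin/sh
# Added example (not from the bug report): classify legacy mount(8) output.
# Verdicts are names chosen for this example:
#   writable-image    root is the loop-mounted image itself, mounted rw
#   overlay-ro        root is an overlay and /root-ro is mounted ro
#   overlay-lower-rw  root is an overlay but /root-ro is missing or not ro
#   unknown           anything else
check_root_mounts() {
    awk '
    # Exact match on one comma-separated option, so "errors=remount-ro"
    # is never mistaken for "ro".
    function has_opt(list, want,    n, i, a) {
        n = split(list, a, ",")
        for (i = 1; i <= n; i++) if (a[i] == want) return 1
        return 0
    }
    # Line format: <dev> on <mountpoint> type <fstype> (<options>)
    $2 == "on" && $4 == "type" {
        opts = $6; gsub(/[()]/, "", opts)
        if ($3 == "/") { root_dev = $1; root_type = $5; root_rw = has_opt(opts, "rw") }
        if ($3 == "/root-ro") { lower_ro = has_opt(opts, "ro") }
    }
    END {
        if (root_type ~ /^overlay(fs)?$/) {
            verdict = lower_ro ? "overlay-ro" : "overlay-lower-rw"
        } else if (root_dev ~ /^\/dev\/loop/ && root_rw) {
            verdict = "writable-image"
        } else {
            verdict = "unknown"
        }
        print verdict
    }'
}

# Lines excerpted from the two listings in this report.
sample_before() {
    cat <<'EOF'
/dev/loop0 on / type ext4 (rw,errors=remount-ro)
/dev/sda3 on /ucc_root type ext4 (rw,relatime,user_xattr,barrier=1,data=ordered)
EOF
}
sample_after() {
    cat <<'EOF'
overlayfs-root on / type overlayfs (rw,errors=remount-ro)
tmpfs-root on /root-rw type tmpfs (rw,relatime)
/dev/loop0 on /root-ro type ext4 (ro,relatime,norecovery)
EOF
}

echo "before: $(sample_before | check_root_mounts)"
echo "after:  $(sample_after | check_root_mounts)"
```

On a live client the same function can be fed with `mount | check_root_mounts`; note that the overlay root itself is listed as `rw` in both states, so the verdict depends on the `/root-ro` line, not on the root options.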