18

I have /tmp on a separate partition, and mounted with noexec. I am using Debian.

The installation of some packages fails, because the post-installation scripts of some packages need to run from /tmp.

I was wondering if it would be possible to "hook" a simple script to apt-get, which would be run every time before apt-get, and remount /tmp to exec. And similarly, remount it to noexec after apt-get has finished.

Jeff Schaller
user1968963

2 Answers

29

You can use dpkg's hook system to remount it -- put this in /etc/apt/apt.conf.d/00exectmp:

DPkg::Pre-Invoke {"mount -o remount,exec /tmp";};
DPkg::Post-Invoke {"mount -o remount /tmp";};  
Chris Down
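
An added example, not part of the answer above: a helper script the two hooks could call instead of the bare mount commands, so that /tmp is only remounted when it is currently noexec, and noexec is put back explicitly and verified afterwards. The script path, state file and function names are hypothetical, and the sample mount table is constructed.

```shell
#!/bin/sh
# Added example: helper for the two DPkg hooks (hypothetical path and names).
# /etc/apt/apt.conf.d/00exectmp would then contain:
#   DPkg::Pre-Invoke  {"/usr/local/sbin/tmp-exec-toggle pre";};
#   DPkg::Post-Invoke {"/usr/local/sbin/tmp-exec-toggle post";};
MOUNTS_FILE="${MOUNTS_FILE:-/proc/self/mounts}"        # override to test offline
STATE_FILE="${STATE_FILE:-/run/tmp-exec-toggle.state}" # hypothetical marker file

# Print the option list of the topmost (last listed) mount on mountpoint $1.
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }' "$MOUNTS_FILE"
}

# Succeed only if mountpoint $1 carries exactly the mount option $2.
has_opt() {
    case ",$(mount_opts "$1")," in
        *",$2,"*) return 0 ;;
    esac
    return 1
}

# Constructed sample in /proc/self/mounts format, for trying has_opt offline.
sample_mounts() {
    printf '%s\n' \
        '/dev/sda1 / ext4 rw,relatime 0 0' \
        '/dev/sda3 /tmp ext4 rw,nosuid,nodev,noexec,relatime 0 0'
}

pre_invoke() {
    # Only touch /tmp if it is noexec now, and record that we changed it.
    has_opt /tmp noexec || return 0
    mount -o remount,exec /tmp && : > "$STATE_FILE"
}

post_invoke() {
    # Restore noexec explicitly rather than relying on fstab, then verify it.
    [ -e "$STATE_FILE" ] || return 0
    mount -o remount,noexec /tmp && rm -f "$STATE_FILE"
    has_opt /tmp noexec || { echo "WARNING: /tmp is still mounted exec" >&2; return 1; }
}

case "${1:-}" in
    pre)  pre_invoke ;;
    post) post_invoke ;;
esac
```

A non-zero exit from the `pre` call makes apt abort before dpkg runs, and a non-zero exit from `post` surfaces a failed restore instead of leaving /tmp silently executable.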
-2

Mumble, you can simply replace apt-get with a script of yours.

Move apt-get to real-apt-get and, then, create a script called apt-get like this one:

#!/bin/sh

mount -o remount -o ... /tmp
real-apt-get "$@"
mount -o remount -o ... -o noexec /tmp

In any case, I do not like this solution. It is easier to change the temporary directory environment variable when you need it. Something like (sh style):

mkdir /root/mytmp
TMPDIR=/root/mytmp
export TMPDIR
apt-get ...
rm -rf /root/mytmp

This way apt-get will use /root/mytmp as temporary dir. No need to change the system.

andcoz
  • 3
    ... until the `apt` package is upgraded, that is. I don't recommend messing with files supplied by packages. – reinierpost Oct 12 '16 at 14:25
  • 1
    As per previous comment, overwriting package supplied binaries is a really bad idea...! The accepted answer is superior, but even if you did want to go ahead with something like this, instead, save the script as /usr/local/bin/apt-get (or better still, probably ~/bin/apt-get assuming no other users will want it; also make sure it's in your path). Then instead of calling "real-apt-get" just use the full path /usr/bin/apt-get. Then you can get updates no problems, without breaking your script. (This relies on /usr/local/bin being before /usr/bin in PATH - default in Debian). – Jeremy Davis May 19 '17 at 06:31