From 667453596a1f20bd81e80f838b2242348bdde9f4 Mon Sep 17 00:00:00 2001 From: Stefan Strobl Date: Wed, 24 Dec 2025 15:28:05 +0100 Subject: [PATCH] fix(rollback): cleanup bind mounts on failure Add cleanup for bind mounts (/dev, /proc, /sys, /run) created during post-install phase. Without this, failures in post-install leave bind mounts active, preventing subsequent cleanup of the main filesystem mounts. Clean bind mounts first (innermost to outermost), then regular mounts, then LUKS mapping to ensure proper teardown order. Decision: Check each bind mount individually rather than relying on umount -R to handle everything, for better error reporting and partial cleanup capability. Context: Bind mounts are only created if post-install phase is reached, but rollback must handle cleanup from any failure point. --- src/rollback.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/rollback.sh b/src/rollback.sh index 3f6109c..5171c17 100644 --- a/src/rollback.sh +++ b/src/rollback.sh @@ -58,11 +58,24 @@ rollback_offer() { rollback_cleanup() { : "${MOUNT_ROOT:?Mount root is required}" : "${CRYPT_NAME:?Crypt mapping name is required}" + + # Clean up bind mounts first (from postinstall) + if [[ -d "$MOUNT_ROOT" ]]; then + for bind_path in dev proc sys run; do + if findmnt "$MOUNT_ROOT/$bind_path" >/dev/null 2>&1; then + log_info "Unmounting bind mount: $MOUNT_ROOT/$bind_path" + umount -R "$MOUNT_ROOT/$bind_path" 2>/dev/null || log_warn "Failed to unmount $MOUNT_ROOT/$bind_path" + fi + done + fi + + # Clean up regular mounts if findmnt "$MOUNT_ROOT" >/dev/null 2>&1; then log_info "Unmounting $MOUNT_ROOT" umount -R "$MOUNT_ROOT" || log_warn "Failed to unmount $MOUNT_ROOT" fi + # Close LUKS mapping if [[ -e "/dev/mapper/$CRYPT_NAME" ]]; then log_info "Closing LUKS mapping $CRYPT_NAME" cryptsetup close "$CRYPT_NAME" || log_warn "Failed to close LUKS mapping"