diff --git a/apt/files/50debconf-exec-tmp b/apt/files/50debconf-exec-tmp
new file mode 100644
index 0000000000000000000000000000000000000000..ed2f4bc0568b6610d7fb0e424175a042dd950b7d
--- /dev/null
+++ b/apt/files/50debconf-exec-tmp
@@ -0,0 +1,4 @@
+# several packages execute scripts written to /tmp
+# this is officially a bug and /tmp is usually noexec on our systems
+DPkg::Pre-Invoke {"mount -o remount,exec /tmp";};
+DPkg::Post-Invoke {"mount -o remount,noexec /tmp";};
diff --git a/apt/tasks/main.yml b/apt/tasks/main.yml
index 7894c93e01d1716df28ecf2de2c3301323d19fd9..10a384940507a47a4f4878ddaf3539f3c99e0566 100644
--- a/apt/tasks/main.yml
+++ b/apt/tasks/main.yml
@@ -2,3 +2,9 @@
 - include: repositories.yml
 - meta: flush_handlers
+
+- name: ensure fix of /tmp script bug
+ copy: src=50debconf-exec-tmp dest=/etc/apt/apt.conf.d/ owner=root group=root mode=0644
+ tags:
+ - config
+ - apt
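Review bot: The two hooks in 50debconf-exec-tmp lift `noexec` on /tmp for every local user for the whole dpkg run, and the hardening only comes back if the Post-Invoke hook actually executes. Whether apt still runs Post-Invoke after a failed dpkg invocation should be confirmed for the apt versions in use, since otherwise a failed install would leave /tmp executable. The remount is also unconditional: the comment says /tmp is only "usually" noexec, so on a host where /tmp is not a separate mount the Pre-Invoke command fails (which presumably aborts the apt run), and on a host that deliberately keeps /tmp exec the Post-Invoke changes it. A narrower option, if it covers the affected packages, is to leave /tmp alone and point template extraction at a root-only directory, e.g. `APT::ExtractTemplates::TempDir "<root-only-dir>";` (placeholder path). If the remount stays, guard it, e.g. `DPkg::Pre-Invoke {"if mountpoint -q /tmp; then mount -o remount,exec /tmp; fi";};` and the same for Post-Invoke.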