fix, skip deletion of system.map files on read-only filesystems

This is required for Qubes /lib/modules read-only implementation at time of writing. Thanks to @marmarek for the bug report! https://forums.whonix.org/t/remove-system-map-cannot-work-lib-modules-is-mounted-read-only/13324
2024-12-26 18:59:26 -05:00 · 2022-02-10 13:44:55 -05:00 · 2022-02-10 13:44:55 -05:00 · 4f6f588fb5
commit 4f6f588fb5
parent 356232677a
1 changed files with 8 additions and 3 deletions
--- a/usr/libexec/security-misc/remove-system.map
+++ b/usr/libexec/security-misc/remove-system.map
@ -26,9 +26,14 @@ fi
 ## Removes the System.map files as they are only used for debugging or malware.
 for filename in ${system_map_location} ; do
   if [ -f "${filename}" ]; then
-      ## 'shred' with '--verbose' is too chatty. (7 lines)
-      shred --force --zero -u "${filename}"
-      echo "removed '${filename}'"
+      if [ -w "${filename}" ]; then
+         ## 'shred' with '--verbose' is too chatty. (7 lines)
+         shred --force --zero -u "${filename}"
+         echo "removed '${filename}'"
+      else
+         echo "Cannot delete '${filename}' - read-only. For details, see: https://www.kicksecure.com/wiki/security-misc#system_map"
+         exit 0
+      fi
   fi
 done