base-files: Mount debugfs and pstore with nosuid,nodev,noexec
These permissions are not needed. Systemd also mounts these file systems without these permissions on other Linux distributions. Dropping these permissions should make the system more secure. Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de> Link: https://github.com/openwrt/openwrt/pull/16960 Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
parent
3b710375dd
commit
b88d51898d
|
@ -35,9 +35,9 @@ boot() {
|
||||||
mkdir -p /tmp/resolv.conf.d
|
mkdir -p /tmp/resolv.conf.d
|
||||||
touch /tmp/resolv.conf.d/resolv.conf.auto
|
touch /tmp/resolv.conf.d/resolv.conf.auto
|
||||||
ln -sf /tmp/resolv.conf.d/resolv.conf.auto /tmp/resolv.conf
|
ln -sf /tmp/resolv.conf.d/resolv.conf.auto /tmp/resolv.conf
|
||||||
grep -q debugfs /proc/filesystems && /bin/mount -o noatime -t debugfs debugfs /sys/kernel/debug
|
grep -q debugfs /proc/filesystems && /bin/mount -o nosuid,nodev,noexec,noatime -t debugfs debugfs /sys/kernel/debug
|
||||||
grep -q bpf /proc/filesystems && /bin/mount -o nosuid,nodev,noexec,noatime,mode=0700 -t bpf bpffs /sys/fs/bpf
|
grep -q bpf /proc/filesystems && /bin/mount -o nosuid,nodev,noexec,noatime,mode=0700 -t bpf bpffs /sys/fs/bpf
|
||||||
grep -q pstore /proc/filesystems && /bin/mount -o noatime -t pstore pstore /sys/fs/pstore
|
grep -q pstore /proc/filesystems && /bin/mount -o nosuid,nodev,noexec,noatime -t pstore pstore /sys/fs/pstore
|
||||||
[ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe
|
[ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe
|
||||||
|
|
||||||
touch /tmp/.config_pending
|
touch /tmp/.config_pending
|
||||||
|
|
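Review bot: The new `nosuid,nodev,noexec` flags on the debugfs and pstore mounts only block setuid binaries, device nodes and execution on those mounts; they do not change who can read the kernel data exposed there. Unlike the bpffs line, the debugfs mount still sets no explicit mode, so if root-only access is the intent it would be clearer to state it, e.g. `-o nosuid,nodev,noexec,noatime,mode=0700` (debugfs accepts `mode=`, and this is likely already the kernel default). The same option string is now repeated on three lines with no explanation, so a short comment above them would help, for example `# pseudo filesystems: no setuid binaries, device nodes or executables are expected here`. The `grep -q … && /bin/mount …` form discards the mount's exit status, so a rejected option leaves the filesystem unmounted without any log line. boot() starts and ends outside this hunk.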