diff options
| author | Tom Gundersen <teg@jklm.no> | 2010-12-06 12:59:05 +0100 |
|---|---|---|
| committer | Tom Gundersen <teg@jklm.no> | 2010-12-06 12:59:05 +0100 |
| commit | 73c274c27a7dd28599df1f3112de084e58b3aebf (patch) | |
| tree | 9e93dcca1b21d00086e6d015e7cc202840e78e6f | |
| parent | dc2cd6ad3808f39daf2e813da9c4de39523d5717 (diff) | |
| download | mkinitcpio-73c274c27a7dd28599df1f3112de084e58b3aebf.tar.gz mkinitcpio-73c274c27a7dd28599df1f3112de084e58b3aebf.tar.xz | |
mount: forbid suid,exec,dev from /proc and /sys
This is the counterpart to a similar patch to initscripts, making sure that the change applies regardless of whether initrd is used.
Thanks to David Reisner for pointing out that this was needed.
| -rw-r--r-- | init | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -5,8 +5,8 @@ . /init_functions msg ":: Loading Initramfs" -/bin/mount -t proc proc /proc -/bin/mount -t sysfs sys /sys +/bin/mount -t proc proc /proc -o nosuid,noexec,nodev +/bin/mount -t sysfs sys /sys -o nosuid,noexec,nodev if grep -q devtmpfs /proc/filesystems 2>/dev/null; then /bin/mount -n -t devtmpfs udev /dev -o mode=0755,size=10M,nosuid else |