mount: forbid suid,exec,dev from /proc and /sys

This is the counterpart to a similar patch to initscripts, making sure that the change applies regardless of whether initrd is used. Thanks to David Reisner for pointing out that this was needed.
author: Tom Gundersen <teg@jklm.no> 2010-12-06 12:59:05 +0100
committer: Tom Gundersen <teg@jklm.no> 2010-12-06 12:59:05 +0100
commit: 73c274c27a7dd28599df1f3112de084e58b3aebf (patch)
tree: 9e93dcca1b21d00086e6d015e7cc202840e78e6f /init
parent: dc2cd6ad3808f39daf2e813da9c4de39523d5717 (diff)
download: mkinitcpio-73c274c27a7dd28599df1f3112de084e58b3aebf.tar.gz
mkinitcpio-73c274c27a7dd28599df1f3112de084e58b3aebf.tar.xz
1 files changed, 2 insertions, 2 deletions
diff --git a/init b/init
index 27f43f2..83cd75c 100644
--- a/init
+++ b/init
@@ -5,8 +5,8 @@
 . /init_functions
 
 msg ":: Loading Initramfs"
-/bin/mount -t proc proc /proc
-/bin/mount -t sysfs sys /sys
+/bin/mount -t proc proc /proc -o nosuid,noexec,nodev
+/bin/mount -t sysfs sys /sys -o nosuid,noexec,nodev
 if grep -q devtmpfs /proc/filesystems 2>/dev/null; then
   /bin/mount -n -t devtmpfs udev /dev -o mode=0755,size=10M,nosuid
 else
author	Tom Gundersen <teg@jklm.no>	2010-12-06 12:59:05 +0100
committer	Tom Gundersen <teg@jklm.no>	2010-12-06 12:59:05 +0100
commit	73c274c27a7dd28599df1f3112de084e58b3aebf (patch)
tree	9e93dcca1b21d00086e6d015e7cc202840e78e6f /init
parent	dc2cd6ad3808f39daf2e813da9c4de39523d5717 (diff)
download	mkinitcpio-73c274c27a7dd28599df1f3112de084e58b3aebf.tar.gz mkinitcpio-73c274c27a7dd28599df1f3112de084e58b3aebf.tar.xz