From mboxrd@z Thu Jan  1 00:00:00 1970
From: Peter =?utf-8?q?M=C3=BCller?= <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: [PATCH] Core Update 170: Harden mount options of /boot on existing
 installations
Date: Wed, 06 Jul 2022 18:36:09 +0000
Message-ID: <025e3315-6a62-30cd-9a00-cc0827820433@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============4496821744361644750=="
List-Id: <development.lists.ipfire.org>

--===============4496821744361644750==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Signed-off-by: Peter M=C3=BCller <peter.mueller(a)ipfire.org>
---
 config/rootfiles/core/170/update.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/=
update.sh
index 8edb5ff2e..c9744f5f5 100644
--- a/config/rootfiles/core/170/update.sh
+++ b/config/rootfiles/core/170/update.sh
@@ -49,8 +49,11 @@ ldconfig
=20
 # Start services
=20
+# Harden mount options of /boot
+sed -e -i "s/[[:space:]]*\/boot[[:space:]]*auto[[:space:]]*defaults[[:space:=
]]*/ \/boot    auto defaults,nodev,noexec,nosuid   /g" /etc/fstab
+
 # This update needs a reboot...
-#touch /var/run/need_reboot
+touch /var/run/need_reboot
=20
 # Finish
 /etc/init.d/fireinfo start
--=20
2.35.3

--===============4496821744361644750==--