Hello Michael, thanks for your reply. > Hello, > >> On 6 Jul 2022, at 20:36, Peter Müller wrote: >> >> Signed-off-by: Peter Müller >> --- >> config/rootfiles/core/170/update.sh | 5 ++++- >> 1 file changed, 4 insertions(+), 1 deletion(-) >> >> diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/update.sh >> index 8edb5ff2e..c9744f5f5 100644 >> --- a/config/rootfiles/core/170/update.sh >> +++ b/config/rootfiles/core/170/update.sh >> @@ -49,8 +49,11 @@ ldconfig >> >> # Start services >> >> +# Harden mount options of /boot >> +sed -e -i "s/[[:space:]]*\/boot[[:space:]]*auto[[:space:]]*defaults[[:space:]]*/ \/boot auto defaults,nodev,noexec,nosuid /g" /etc/fstab > > This is probably longer than it needs to. To keep regular expressions more readable, I would suggest the following: > > * Use \s instead of [[:space:]]. The latter is probably easier if you are not familiar with \s, but very hard to read. I would prefer that too, but sed does not understand PCRE (tested on C168, did not work). > * If you know that you are going to have slashes, use a different delimiter character. So instead of s/A\/B/C\/D/ you could also write s(a)A/B(a)C/D@ which is a lot easier to read. ACK, good point. > * I am not convinced editing /etc/fstab like this is a good idea, but we don’t seem to have any other option. > >> + >> # This update needs a reboot... >> -#touch /var/run/need_reboot >> +touch /var/run/need_reboot > > Why do we need to reboot? Can we not remount? Indeed. At this point, all the other stuff in C170 does not require a reboot yet. Thanks, and best regards, Peter Müller > >> >> # Finish >> /etc/init.d/fireinfo start >> -- >> 2.35.3 >