From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: Various mount options have changed in Core Update 169
Date: Tue, 21 Jun 2022 10:41:46 +0100
Message-ID: <465A366A-4FD1-46C1-8D3B-9C0B16475C8F@ipfire.org>
In-Reply-To: <8b05614d-bf3f-df6d-1157-b4d21235329f@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============9173562878047644045=="
List-Id:

--===============9173562878047644045==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello,

I suppose this is coming from changing dracut.

Unless I am reading your diff wrong, those options have been added which is a good thing?!

-Michael

> On 20 Jun 2022, at 21:34, Peter Müller wrote:
>
> Hello *,
>
> while pre-testing Core Update 169, it came to my attention that, for some reason,
> various mount options have changed since Core Update 168, lacking options such as
> "nodev", "noexec", "nosuid", which means a security downgrade.
>
> The complete delta is as follows:
>
> $ diff -Naur before after
> --- before 2022-06-20 20:04:32.436632074 +0000 > +++ after 2022-06-20 20:04:34.500401575 +0000
> @@ -1,12 +1,12 @@ > -devpts on /dev/pts type devpts (rw,relatime,gid=3D5,mode=3D620,ptmxmode=3D= 000) > +devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=3D5,mode=3D6= 20,ptmxmode=3D000) > /dev/sda1 on /boot type ext4 (rw,relatime) > /dev/sda2 on /boot/efi type vfat (rw,relatime,fmask=3D0022,dmask=3D0022,cod= epage=3D437,iocharset=3Dascii,shortname=3Dmixed,errors=3Dremount-ro) > /dev/sda4 on / type ext4 (rw,relatime) > -devtmpfs on /dev type devtmpfs (rw,relatime,size=3D1963708k,nr_inodes=3D49= 0927,mode=3D755) > +devtmpfs on /dev type devtmpfs (rw,nosuid,noexec,size=3D1949992k,nr_inodes= =3D487498,mode=3D755) > efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,relatime) > none on /sys/fs/cgroup type cgroup2 (rw,relatime) > -/proc on /proc type proc (rw,relatime) > -/run on /run type tmpfs (rw,nosuid,nodev,relatime,size=3D8192k,mode=3D755) > -/sys on /sys type sysfs (rw,relatime) > -tmpfs on /dev/shm type tmpfs (rw,relatime) > +proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) > +sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) > +tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec) > +tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,mode=3D755) > /var/lock on /var/lock type tmpfs (rw,nosuid,nodev,relatime,size=3D8192k)
>
> I cannot recall of having this explicitly changed anywhere, and don't understand
> the root cause for this (unwanted) change. Could somebody please point me into the
> right direction? :-)
>
> Thanks in advance, and best regards,
> Peter Müller

--===============9173562878047644045==--
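
Review bot: The `+tmpfs on /run` line drops the `size=8192k` cap that the removed `-/run on /run` line carried, so /run now appears to be mounted with the tmpfs default size (half of RAM) instead of the previous 8192k limit; if that limit was intentional, restore it in whatever now mounts /run. Apart from that, every `+` line in this hunk gains options rather than losing them (nosuid,nodev,noexec on /proc, /sys, /dev/shm and /run; nosuid,noexec on /dev and /dev/pts), so confirm that `before` and `after` were captured in the order the message assumes. The new noexec on /run and /dev/shm deserves a test pass for anything that executes files from those paths. The unchanged context lines show /var/lock still without noexec, and /boot and /boot/efi with none of the three options, which would be the natural follow-up.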