public inbox for development@lists.ipfire.org
From: "Peter Müller" <peter.mueller@ipfire.org>
To: development@lists.ipfire.org
Subject: Various mount options have changed in Core Update 169
Date: Mon, 20 Jun 2022 20:34:15 +0000
Message-ID: <8b05614d-bf3f-df6d-1157-b4d21235329f@ipfire.org>

Hello *,

while pre-testing Core Update 169, it came to my attention that, for some reason,
various mount options have changed since Core Update 168, lacking options such as
"nodev", "noexec", "nosuid", which means a security downgrade.

The complete delta is as follows:

$ diff -Naur before after
--- before	2022-06-20 20:04:32.436632074 +0000
+++ after	2022-06-20 20:04:34.500401575 +0000
@@ -1,12 +1,12 @@
-devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
+devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
 /dev/sda1 on /boot type ext4 (rw,relatime)
 /dev/sda2 on /boot/efi type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro)
 /dev/sda4 on / type ext4 (rw,relatime)
-devtmpfs on /dev type devtmpfs (rw,relatime,size=1963708k,nr_inodes=490927,mode=755)
+devtmpfs on /dev type devtmpfs (rw,nosuid,noexec,size=1949992k,nr_inodes=487498,mode=755)
 efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,relatime)
 none on /sys/fs/cgroup type cgroup2 (rw,relatime)
-/proc on /proc type proc (rw,relatime)
-/run on /run type tmpfs (rw,nosuid,nodev,relatime,size=8192k,mode=755)
-/sys on /sys type sysfs (rw,relatime)
-tmpfs on /dev/shm type tmpfs (rw,relatime)
+proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
+sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
+tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec)
+tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,mode=755)
 /var/lock on /var/lock type tmpfs (rw,nosuid,nodev,relatime,size=8192k)
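
Review bot: the direction of this diff looks inverted relative to the description. The `-` lines (file `before`) are the ones without the hardening flags, e.g. `/proc on /proc type proc (rw,relatime)`, while the `+` lines (file `after`) carry them, e.g. `proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)`. Please state which Core Update each file was captured on, or regenerate the diff with the files in 168 to 169 order. Two further differences are worth tracking separately from the flags: the source column differs between the two captures (`/proc`, `/run`, `/sys` on one side, `proc`, `tmpfs`, `sysfs` on the other), and the `/run` tmpfs has `size=8192k` on one side and no size limit on the other.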

I cannot recall having explicitly changed this anywhere, and don't understand
the root cause for this (unwanted) change. Could somebody please point me in the
right direction? :-)

Thanks in advance, and best regards,
Peter Müller
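
A check for the kind of regression described in the message above, as an added example that is not part of the original e-mail and is not IPFire code. It parses `mount` output in the format shown in the diff and reports which hardening options are missing per mount point; the `REQUIRED` policy is an assumption, taken as the strictest option set each mount point carries in that diff.

```python
import re

# Assumed policy: the strictest option set each mount point carries in the diff above.
REQUIRED = {
    "/dev": {"nosuid", "noexec"},
    "/dev/pts": {"nosuid", "noexec"},
    "/dev/shm": {"nosuid", "nodev", "noexec"},
    "/proc": {"nosuid", "nodev", "noexec"},
    "/run": {"nosuid", "nodev", "noexec"},
    "/sys": {"nosuid", "nodev", "noexec"},
    "/var/lock": {"nosuid", "nodev"},
}

# One line of `mount` output: "<source> on <target> type <fstype> (<opt,opt,...>)"
MOUNT_RE = re.compile(
    r"^(?P<src>\S+) on (?P<target>.+) type (?P<fstype>\S+) \((?P<opts>[^)]*)\)$"
)

def parse_mounts(text):
    """Return {target: set(option names)}; the last entry wins for stacked mounts."""
    mounts = {}
    for line in text.splitlines():
        m = MOUNT_RE.match(line.strip())
        if m:
            # Keep only the option name, dropping "=value" (size=8192k -> size).
            mounts[m["target"]] = {o.split("=", 1)[0] for o in m["opts"].split(",")}
    return mounts

def missing_options(text, required=REQUIRED):
    """Return {target: sorted missing options}; None marks a target that is not mounted."""
    mounts = parse_mounts(text)
    report = {}
    for target, needed in required.items():
        if target not in mounts:
            report[target] = None
        elif needed - mounts[target]:
            report[target] = sorted(needed - mounts[target])
    return report

# Sample input: three lines copied from the "before" side of the diff above.
SAMPLE = """\
/proc on /proc type proc (rw,relatime)
/run on /run type tmpfs (rw,nosuid,nodev,relatime,size=8192k,mode=755)
tmpfs on /dev/shm type tmpfs (rw,relatime)
"""

if __name__ == "__main__":
    for target, missing in sorted(missing_options(SAMPLE).items()):
        print(target, "not mounted" if missing is None else "missing " + ",".join(missing))
```

Running it against the saved `mount` output from before and after an update shows which mount points lost options without reading the diff by eye.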
