From mboxrd@z Thu Jan 1 00:00:00 1970 From: Michael Tremer To: development@lists.ipfire.org Subject: Re: [PATCH] flash-images: Harden mount options of /boot Date: Mon, 13 Jun 2022 14:38:09 +0100 Message-ID: In-Reply-To: <4ce28633-75b5-c22d-a0aa-2f9e3c0aab85@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1413788541179391631==" List-Id: --===============1413788541179391631== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Reviewed-by: Michael Tremer > On 11 Jun 2022, at 07:47, Peter M=C3=BCller wr= ote: >=20 > Signed-off-by: Peter M=C3=BCller > --- > lfs/flash-images | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) >=20 > diff --git a/lfs/flash-images b/lfs/flash-images > index 3cf81fb6d..8a033c310 100644 > --- a/lfs/flash-images > +++ b/lfs/flash-images > @@ -1,7 +1,7 @@ > ###########################################################################= #### > # = # > # IPFire.org - A linux based firewall = # > -# Copyright (C) 2007-2021 IPFire Team = # > +# Copyright (C) 2007-2022 IPFire Team = # > # = # > # This program is free software: you can redistribute it and/or modify = # > # it under the terms of the GNU General Public License as published by = # > @@ -167,7 +167,7 @@ endif >=20 > # Create /etc/fstab > printf "$(FSTAB_FMT)" "$$(blkid -o value -s UUID $(PART_BOOT))" "/boot" \ > - "auto" "defaults" 1 2 > $(MNThdd)/etc/fstab > + "auto" "defaults,nodev,noexec,nosuid" 1 2 > $(MNThdd)/etc/fstab > ifeq "$(EFI)" "1" > printf "$(FSTAB_FMT)" "$$(blkid -o value -s UUID $(PART_EFI))" "/boot/efi"= \ > "auto" "defaults" 1 2 >> $(MNThdd)/etc/fstab > --=20 > 2.35.3 --===============1413788541179391631==--