From mboxrd@z Thu Jan 1 00:00:00 1970 
From: Michael Tremer <michael.tremer@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: Various mount options have changed in Core Update 169
Date: Thu, 23 Jun 2022 09:52:49 +0100
Message-ID: <B2FA8237-F7E4-42B3-AF7C-C800E776A7F4@ipfire.org>
In-Reply-To: <8df35ad8-da3b-81e7-d119-2a7c95c07005@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============2571778795522858061=="
List-Id: <development.lists.ipfire.org>

--===============2571778795522858061==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hello,

> On 22 Jun 2022, at 19:02, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>
> Hello Michael,
>
> thanks for your reply.
>
>> Hello,
>>
>> I suppose this is coming from changing dracut.
>
> As discussed on the phone already, I don't think dracut is the root cause here, since
> the mount options are fine on systems running Core Update 168. Some change in Core Update
> 169 caused this issue.

Okay. Could we please find out what has been causing this?

This is a change I would definitely care about and things like this should not just change.

>
>> Unless I am reading your diff wrong, those options have been added which is a good thing?!
>
> No, it is the other way round. Silly me screwed up the diff. :-/
>
> Anyway, commit 54bd60b67b477e5d5814293a74086dff1c21ac69 addresses all of them except for
> /dev. I searched and was unable to find any component where /dev is (re)mounted in the way
> it is shown in the output of "mount".
>
> Do you have any ideas?
>
> Thanks, and best regards,
> Peter Müller
>
>>
>> -Michael
>>
>>> On 20 Jun 2022, at 21:34, Peter Müller <peter.mueller(a)ipfire.org> wrote:
>>>
>>> Hello *,
>>>
>>> while pre-testing Core Update 169, it came to my attention that, for some reason,
>>> various mount options have changed since Core Update 168, lacking options such as
>>> "nodev", "noexec", "nosuid", which means a security downgrade.
>>>
>>> The complete delta is as follows:
>>>
>>> $ diff -Naur before after
>>> --- before 2022-06-20 20:04:32.436632074 +0000
>>> +++ after 2022-06-20 20:04:34.500401575 +0000
>>> @@ -1,12 +1,12 @@ >>> -devpts on /dev/pts type devpts (rw,relatime,gid=3D5,mode=3D620,ptmxmode= =3D000) >>> +devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=3D5,mode= =3D620,ptmxmode=3D000) >>> /dev/sda1 on /boot type ext4 (rw,relatime) >>> /dev/sda2 on /boot/efi type vfat (rw,relatime,fmask=3D0022,dmask=3D0022,c= odepage=3D437,iocharset=3Dascii,shortname=3Dmixed,errors=3Dremount-ro) >>> /dev/sda4 on / type ext4 (rw,relatime) >>> -devtmpfs on /dev type devtmpfs (rw,relatime,size=3D1963708k,nr_inodes=3D= 490927,mode=3D755) >>> +devtmpfs on /dev type devtmpfs (rw,nosuid,noexec,size=3D1949992k,nr_inod= es=3D487498,mode=3D755) >>> efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,relatime) >>> none on /sys/fs/cgroup type cgroup2 (rw,relatime) >>> -/proc on /proc type proc (rw,relatime) >>> -/run on /run type tmpfs (rw,nosuid,nodev,relatime,size=3D8192k,mode=3D75= 5) >>> -/sys on /sys type sysfs (rw,relatime) >>> -tmpfs on /dev/shm type tmpfs (rw,relatime) >>> +proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) >>> +sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) >>> +tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec) >>> +tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,mode=3D755) >>> /var/lock on /var/lock type tmpfs (rw,nosuid,nodev,relatime,size=3D8192k) >>>=20 >>> I cannot recall of having this explicitly changed anywhere, and don't und= erstand >>> the root cause for this (unwanted) change. Could somebody please point me= into the >>> right direction? :-) >>>=20 >>> Thanks in advance, and best regards, >>> Peter M=C3=BCller >>=20 --===============2571778795522858061==--
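Review bot: the `-` and `+` sides of this diff are swapped relative to the report. The `-` lines for /dev/pts, /dev, /proc, /sys and /dev/shm are the ones without nosuid/nodev/noexec, and the `-` line for /run lacks noexec, while the message describes Core Update 169 as the release that lacks these options, and the follow-up reply confirms the diff was reversed. Regenerate it with the Core Update 168 output as the first file and the 169 output as the second, and name the files after the releases rather than "before" and "after", so the lost options appear on the `-` side. Two further points when re-reading it: the source field differs between the two sides for /proc, /sys and /run (`/proc` vs `proc`, `/sys` vs `sysfs`, `/run` vs `tmpfs`), which is worth recording when tracing what performs each mount, and the hardened /dev line carries nosuid,noexec but no nodev, so nodev should not be listed as lost for /dev.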
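An option-aware comparison of two `mount` snapshots, as an added example that is not part of the original thread or IPFire's code: it reports only the hardening options each mount point lost, so the result does not depend on reading `-`/`+` lines the right way round. The function names are hypothetical, and the sample lines are the ones quoted in the thread, arranged on the assumption (per Peter's correction) that the hardened set is Core Update 168.

```python
import re

HARDENING = {"nosuid", "nodev", "noexec"}
# One line of `mount` output: SOURCE on MOUNTPOINT type FSTYPE (opt,opt,...)
LINE_RE = re.compile(r"^(.+?) on (.+) type (\S+) \(([^)]*)\)$")

def parse_mounts(text):
    """Map each mount point to the hardening options it carries."""
    mounts = {}
    for line in text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            mounts[m.group(2)] = set(m.group(4).split(",")) & HARDENING
    return mounts

def lost_options(old, new):
    """Return {mount point: options present in `old` but missing in `new`}."""
    old_m, new_m = parse_mounts(old), parse_mounts(new)
    return {mnt: sorted(opts - new_m[mnt])
            for mnt, opts in old_m.items()
            if mnt in new_m and opts - new_m[mnt]}

# Lines quoted in the thread; assumption: the hardened set is Core Update 168.
CORE_168 = """\
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
devtmpfs on /dev type devtmpfs (rw,nosuid,noexec,size=1949992k,nr_inodes=487498,mode=755)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec)
tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,mode=755)
/dev/sda4 on / type ext4 (rw,relatime)
"""
CORE_169 = """\
devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
devtmpfs on /dev type devtmpfs (rw,relatime,size=1963708k,nr_inodes=490927,mode=755)
/proc on /proc type proc (rw,relatime)
/sys on /sys type sysfs (rw,relatime)
tmpfs on /dev/shm type tmpfs (rw,relatime)
/run on /run type tmpfs (rw,nosuid,nodev,relatime,size=8192k,mode=755)
/dev/sda4 on / type ext4 (rw,relatime)
"""

if __name__ == "__main__":
    for mnt, missing in sorted(lost_options(CORE_168, CORE_169).items()):
        print(f"{mnt}: lost {','.join(missing)}")
```

Run against saved `mount` output from each release, a non-empty result is the regression signal; swapping the arguments on this sample returns an empty report.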