From: Peter Müller
To: development@lists.ipfire.org
Subject: Re: Various mount options have changed in Core Update 169
Date: Thu, 23 Jun 2022 10:39:26 +0000

Hello Michael,

> Hello,
>
>> On 22 Jun 2022, at 19:02, Peter Müller wrote:
>>
>> Hello Michael,
>>
>> thanks for your reply.
>>
>>> Hello,
>>>
>>> I suppose this is coming from changing dracut.
>>
>> As discussed on the phone already, I don't think dracut is the root cause here, since
>> the mount options are fine on systems running Core Update 168. Some change in Core Update
>> 169 caused this issue.
>
> Okay. Could we please find out what has been causing this?

I am unfortunately out of ideas and need help here - see also the issue of /dev which is still not
fixed since I do not know where to look. There is a mount call in /usr/lib/dracut/modules.d/99base/init.sh
with the proper options, but it either is not conducted at all during boot, or the mount options get
overwritten at a later point.

Sorry for the hassle.

> This is a change I would definitely care about and things like this should not just change.

Full ACK.

>
>>
>>> Unless I am reading your diff wrong, those options have been added which is a good thing?!
>>
>> No, it is the other way round. Silly me screwed up the diff. :-/
>>
>> Anyway, commit 54bd60b67b477e5d5814293a74086dff1c21ac69 addresses all of them except for
>> /dev. I searched and was unable to find any component where /dev is (re)mounted in the way
>> it is shown in the output of "mount".

^^^

Thanks, and best regards,
Peter Müller

>>
>> Do you have any ideas?
>>
>> Thanks, and best regards,
>> Peter Müller
>>
>>>
>>> -Michael
>>>
>>>> On 20 Jun 2022, at 21:34, Peter Müller wrote:
>>>>
>>>> Hello *,
>>>>
>>>> while pre-testing Core Update 169, it came to my attention that, for some reason,
>>>> various mount options have changed since Core Update 168, lacking options such as
>>>> "nodev", "noexec", "nosuid", which means a security downgrade.
>>>>
>>>> The complete delta is as follows:
>>>>
>>>> $ diff -Naur before after
>>>> --- before 2022-06-20 20:04:32.436632074 +0000
>>>> +++ after 2022-06-20 20:04:34.500401575 +0000
>>>> @@ -1,12 +1,12 @@ >>>> -devpts on /dev/pts type devpts (rw,relatime,gid=3D5,mode=3D620,ptmxmode= =3D000) >>>> +devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=3D5,mode= =3D620,ptmxmode=3D000) >>>> /dev/sda1 on /boot type ext4 (rw,relatime) >>>> /dev/sda2 on /boot/efi type vfat (rw,relatime,fmask=3D0022,dmask=3D0022,= codepage=3D437,iocharset=3Dascii,shortname=3Dmixed,errors=3Dremount-ro) >>>> /dev/sda4 on / type ext4 (rw,relatime) >>>> -devtmpfs on /dev type devtmpfs (rw,relatime,size=3D1963708k,nr_inodes= =3D490927,mode=3D755) >>>> +devtmpfs on /dev type devtmpfs (rw,nosuid,noexec,size=3D1949992k,nr_ino= des=3D487498,mode=3D755) >>>> efivarfs on /sys/firmware/efi/efivars type efivarfs (rw,relatime) >>>> none on /sys/fs/cgroup type cgroup2 (rw,relatime) >>>> -/proc on /proc type proc (rw,relatime) >>>> -/run on /run type tmpfs (rw,nosuid,nodev,relatime,size=3D8192k,mode=3D7= 55) >>>> -/sys on /sys type sysfs (rw,relatime) >>>> -tmpfs on /dev/shm type tmpfs (rw,relatime) >>>> +proc on /proc type proc (rw,nosuid,nodev,noexec,relatime) >>>> +sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime) >>>> +tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,noexec) >>>> +tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,mode=3D755) >>>> /var/lock on /var/lock type tmpfs (rw,nosuid,nodev,relatime,size=3D8192k)
>>>>
>>>> I cannot recall having this explicitly changed anywhere, and don't understand
>>>> the root cause for this (unwanted) change. Could somebody please point me in the
>>>> right direction? :-)
>>>>
>>>> Thanks in advance, and best regards,
>>>> Peter Müller
>>>
>
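
Review bot: the direction of this hunk contradicts the report it is attached to. The `-` lines (for example `/proc on /proc type proc (rw,relatime)`) are the ones without nosuid, nodev and noexec, while the `+` lines carry them, so read as written it shows a hardening rather than the downgrade described for Core Update 169. Regenerate it with the operands swapped, so that the Core Update 168 listing is the first file, and name the two files after the releases instead of `before` and `after` so the mix-up cannot recur.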
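
A check that would flag this kind of regression when run on each release, as an added example that is not part of the thread or of IPFire's code. The baseline is an assumption taken from the option sets on the hardened side of the quoted diff, and the sample input is the unhardened lines from that diff with the mail encoding decoded.

```python
import re

# Required options per mount point. Assumption: the hardened side of the
# diff quoted in the thread is the intended baseline.
BASELINE = {
    "/proc": {"nosuid", "nodev", "noexec"},
    "/sys": {"nosuid", "nodev", "noexec"},
    "/dev/shm": {"nosuid", "nodev", "noexec"},
    "/run": {"nosuid", "nodev", "noexec"},
    "/dev/pts": {"nosuid", "noexec"},
    "/dev": {"nosuid", "noexec"},
}

# One line of mount(8) output: "<source> on <target> type <fstype> (<options>)"
MOUNT_LINE = re.compile(r"^\S+ on (?P<target>\S+) type \S+ \((?P<opts>[^)]*)\)$")

def parse_mounts(text):
    """Map mount point -> set of option names (values such as size=... are dropped)."""
    mounts = {}
    for line in text.splitlines():
        m = MOUNT_LINE.match(line.strip())
        if m:
            # A later mount on the same target shadows the earlier one.
            mounts[m["target"]] = {o.split("=", 1)[0] for o in m["opts"].split(",") if o}
    return mounts

def missing_options(text, baseline=BASELINE):
    """Return {mount point: sorted missing options}; absent mounts are reported too."""
    mounts = parse_mounts(text)
    findings = {}
    for target, required in baseline.items():
        if target not in mounts:
            findings[target] = ["<not mounted>"]
        elif required - mounts[target]:
            findings[target] = sorted(required - mounts[target])
    return findings

# Sample input: the lines lacking the options, from the diff in the thread.
SAMPLE = """\
devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
devtmpfs on /dev type devtmpfs (rw,relatime,size=1963708k,nr_inodes=490927,mode=755)
/proc on /proc type proc (rw,relatime)
/run on /run type tmpfs (rw,nosuid,nodev,relatime,size=8192k,mode=755)
/sys on /sys type sysfs (rw,relatime)
tmpfs on /dev/shm type tmpfs (rw,relatime)
"""

if __name__ == "__main__":
    for target, missing in sorted(missing_options(SAMPLE).items()):
        print(f"{target}: missing {','.join(missing)}")
```

On a live system the same function can be fed the captured output of `mount`; a non-empty result is the signal to fail the release test.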