Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/rootfiles/core/170/update.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/update.sh index 8edb5ff2e..c9744f5f5 100644 --- a/config/rootfiles/core/170/update.sh +++ b/config/rootfiles/core/170/update.sh @@ -49,8 +49,11 @@ ldconfig
# Start services
+# Harden mount options of /boot +sed -e -i "s/[[:space:]]*/boot[[:space:]]*auto[[:space:]]*defaults[[:space:]]*/ /boot auto defaults,nodev,noexec,nosuid /g" /etc/fstab + # This update needs a reboot... -#touch /var/run/need_reboot +touch /var/run/need_reboot
# Finish /etc/init.d/fireinfo start
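Review bot: in the added `sed -e -i "s/…"` line, `-e` consumes the next argument as its script, so `-i` is parsed as the sed program instead of the in-place flag, sed exits with an error, and /etc/fstab is left unchanged; the options need to be ordered as `sed -i -e "s…"`. As the expression appears here, `/boot` also contains the delimiter character unescaped, which ends the pattern early; a different delimiter (`s@…@…@`) avoids this. Every `[[:space:]]*` can match zero characters, so a second run would match the `defaults` prefix of `defaults,nodev,noexec,nosuid` and append the options again; require at least one whitespace character after `defaults`. Because `touch /var/run/need_reboot` is enabled alongside this edit, it would be worth checking that the substitution actually changed the /boot line before flagging the reboot.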
Hello,
On 6 Jul 2022, at 20:36, Peter Müller peter.mueller@ipfire.org wrote:
Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/rootfiles/core/170/update.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/update.sh index 8edb5ff2e..c9744f5f5 100644 --- a/config/rootfiles/core/170/update.sh +++ b/config/rootfiles/core/170/update.sh @@ -49,8 +49,11 @@ ldconfig
# Start services
+# Harden mount options of /boot +sed -e -i "s/[[:space:]]*/boot[[:space:]]*auto[[:space:]]*defaults[[:space:]]*/ /boot auto defaults,nodev,noexec,nosuid /g" /etc/fstab
This is probably longer than it needs to be. To keep regular expressions more readable, I would suggest the following:
* Use \s instead of [[:space:]]. The latter is probably easier if you are not familiar with \s, but very hard to read.
* If you know that you are going to have slashes, use a different delimiter character. So instead of s/A/B/C/D/ you could also write s@A/B@C/D@ which is a lot easier to read.
* I am not convinced editing /etc/fstab like this is a good idea, but we don’t seem to have any other option.
# This update needs a reboot... -#touch /var/run/need_reboot +touch /var/run/need_reboot
Why do we need to reboot? Can we not remount?
# Finish /etc/init.d/fireinfo start -- 2.35.3
Hello Michael,
thanks for your reply.
Hello,
On 6 Jul 2022, at 20:36, Peter Müller peter.mueller@ipfire.org wrote:
Signed-off-by: Peter Müller peter.mueller@ipfire.org
config/rootfiles/core/170/update.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/update.sh index 8edb5ff2e..c9744f5f5 100644 --- a/config/rootfiles/core/170/update.sh +++ b/config/rootfiles/core/170/update.sh @@ -49,8 +49,11 @@ ldconfig
# Start services
+# Harden mount options of /boot +sed -e -i "s/[[:space:]]*/boot[[:space:]]*auto[[:space:]]*defaults[[:space:]]*/ /boot auto defaults,nodev,noexec,nosuid /g" /etc/fstab
This is probably longer than it needs to be. To keep regular expressions more readable, I would suggest the following:
- Use \s instead of [[:space:]]. The latter is probably easier if you are not familiar with \s, but very hard to read.
I would prefer that too, but sed does not understand PCRE (tested on C168, did not work).
- If you know that you are going to have slashes, use a different delimiter character. So instead of s/A/B/C/D/ you could also write s@A/B@C/D@ which is a lot easier to read.
ACK, good point.
- I am not convinced editing /etc/fstab like this is a good idea, but we don’t seem to have any other option.
# This update needs a reboot... -#touch /var/run/need_reboot +touch /var/run/need_reboot
Why do we need to reboot? Can we not remount?
Indeed. At this point, all the other stuff in C170 does not require a reboot yet.
Thanks, and best regards, Peter Müller
# Finish /etc/init.d/fireinfo start -- 2.35.3
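A field-aware alternative to the regex edit discussed in this thread, as an added example that is not part of the original messages or of IPFire's update script. It goes beyond the patch's exact-`defaults` case by adding only the options that are missing; the function name `harden_boot_opts` and the sample fstab contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: idempotent hardening of the /boot entry in an fstab-format
# file. harden_boot_opts and the sample data below are hypothetical names and
# constructed input, not taken from the patch.

# harden_boot_opts FILE
# Print FILE with nodev, noexec and nosuid ensured on the /boot mount point.
harden_boot_opts() {
    awk '
    BEGIN { OFS = "\t" }
    # Pass comments and blank lines through untouched
    /^[ \t]*(#|$)/ { print; next }
    # Match the mount point field exactly, so /boot/efi is not affected
    NF >= 4 && $2 == "/boot" {
        n = split("nodev noexec nosuid", want, " ")
        for (i = 1; i <= n; i++) {
            # Compare whole comma-separated options, not substrings
            if (("," $4 ",") !~ ("," want[i] ","))
                $4 = $4 "," want[i]
        }
    }
    { print }
    ' "$1"
}

# Constructed sample fstab (device identifiers are placeholders)
sample=$(mktemp)
cat > "$sample" <<'EOF'
# device  mountpoint  type  options  dump  pass
UUID=aaaa-0001   /           ext4   defaults   1 1
UUID=aaaa-0002   /boot       auto   defaults   1 2
UUID=aaaa-0003   /boot/efi   vfat   defaults   0 0
EOF

# Only the /boot line changes; a second pass over the output changes nothing
harden_boot_opts "$sample"
rm -f "$sample"
```

On a live system the output would replace /etc/fstab and `mount -o remount /boot` would apply the new options without a reboot; neither step is run here.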