diff mbox series

flash-images: Harden mount options of /boot

Message ID	4ce28633-75b5-c22d-a0aa-2f9e3c0aab85@ipfire.org
State	Accepted
Commit	17aaad5d968e8486dc83cd65cddb1cc1a7ff5211
Headers	Message-ID: <4ce28633-75b5-c22d-a0aa-2f9e3c0aab85@ipfire.org> Date: Sat, 11 Jun 2022 06:47:49 +0000 MIME-Version: 1.0 Content-Language: en-US To: "IPFire: Development" <development@lists.ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org> Subject: [PATCH] flash-images: Harden mount options of /boot Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	flash-images: Harden mount options of /boot \| flash-images: Harden mount options of /boot

Commit Message

Peter Müller June 11, 2022, 6:47 a.m. UTC

  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 lfs/flash-images | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Michael Tremer June 13, 2022, 1:38 p.m. UTC | #1

Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 11 Jun 2022, at 07:47, Peter Müller <peter.mueller@ipfire.org> wrote:
> 
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> lfs/flash-images | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/lfs/flash-images b/lfs/flash-images
> index 3cf81fb6d..8a033c310 100644
> --- a/lfs/flash-images
> +++ b/lfs/flash-images
> @@ -1,7 +1,7 @@
> ###############################################################################
> #                                                                             #
> # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
> #                                                                             #
> # This program is free software: you can redistribute it and/or modify        #
> # it under the terms of the GNU General Public License as published by        #
> @@ -167,7 +167,7 @@ endif
> 
> 	# Create /etc/fstab
> 	printf "$(FSTAB_FMT)" "$$(blkid -o value -s UUID $(PART_BOOT))" "/boot" \
> -		"auto" "defaults" 1 2 >  $(MNThdd)/etc/fstab
> +		"auto" "defaults,nodev,noexec,nosuid" 1 2 >  $(MNThdd)/etc/fstab
> ifeq "$(EFI)" "1"
> 	printf "$(FSTAB_FMT)" "$$(blkid -o value -s UUID $(PART_EFI))" "/boot/efi" \
> 		"auto" "defaults" 1 2 >> $(MNThdd)/etc/fstab
> -- 
> 2.35.3

diff mbox series

Patch

diff --git a/lfs/flash-images b/lfs/flash-images
index 3cf81fb6d..8a033c310 100644
--- a/lfs/flash-images
+++ b/lfs/flash-images
@@ -1,7 +1,7 @@ 
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2021  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -167,7 +167,7 @@  endif
 
 	# Create /etc/fstab
 	printf "$(FSTAB_FMT)" "$$(blkid -o value -s UUID $(PART_BOOT))" "/boot" \
-		"auto" "defaults" 1 2 >  $(MNThdd)/etc/fstab
+		"auto" "defaults,nodev,noexec,nosuid" 1 2 >  $(MNThdd)/etc/fstab
 ifeq "$(EFI)" "1"
 	printf "$(FSTAB_FMT)" "$$(blkid -o value -s UUID $(PART_EFI))" "/boot/efi" \
 		"auto" "defaults" 1 2 >> $(MNThdd)/etc/fstab