installer: Harden mount options of /boot partition
Commit Message
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
src/installer/hw.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Comments
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
> On 28 Jul 2022, at 14:28, Peter Müller <peter.mueller@ipfire.org> wrote:
>
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> src/installer/hw.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/installer/hw.c b/src/installer/hw.c
> index 12f8e793d..0ed6050b3 100644
> --- a/src/installer/hw.c
> +++ b/src/installer/hw.c
> @@ -1,7 +1,7 @@
> /*#############################################################################
> # #
> # IPFire - An Open Source Firewall Distribution #
> -# Copyright (C) 2014 IPFire development team #
> +# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
> # #
> # This program is free software: you can redistribute it and/or modify #
> # it under the terms of the GNU General Public License as published by #
> @@ -1134,7 +1134,7 @@ int hw_write_fstab(struct hw_destination* dest) {
> uuid = hw_get_uuid(dest->part_boot);
>
> if (uuid) {
> - fprintf(f, FSTAB_FMT, uuid, "/boot", "auto", "defaults", 1, 2);
> + fprintf(f, FSTAB_FMT, uuid, "/boot", "auto", "defaults,nodev,noexec,nosuid", 1, 2);
> free(uuid);
> }
> }
> --
> 2.35.3
@@ -1,7 +1,7 @@
/*#############################################################################
# #
# IPFire - An Open Source Firewall Distribution #
-# Copyright (C) 2014 IPFire development team #
+# Copyright (C) 2007-2022 IPFire Team <info@ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -1134,7 +1134,7 @@ int hw_write_fstab(struct hw_destination* dest) {
uuid = hw_get_uuid(dest->part_boot);
if (uuid) {
- fprintf(f, FSTAB_FMT, uuid, "/boot", "auto", "defaults", 1, 2);
+ fprintf(f, FSTAB_FMT, uuid, "/boot", "auto", "defaults,nodev,noexec,nosuid", 1, 2);
free(uuid);
}
}