diff mbox series

installer: Harden mount options of /boot partition

Message ID	de573afc-f8ed-1cf8-949d-822b8801953f@ipfire.org
State	Accepted
Commit	e404dab5e42db7fa47695e1b4a50365e18be0e10
Headers	Message-ID: <de573afc-f8ed-1cf8-949d-822b8801953f@ipfire.org> Date: Thu, 28 Jul 2022 13:28:42 +0000 MIME-Version: 1.0 Content-Language: en-US To: "IPFire: Development" <development@lists.ipfire.org> From: =?utf-8?q?Peter_M=C3=BCller?= <peter.mueller@ipfire.org> Subject: [PATCH] installer: Harden mount options of /boot partition Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: list Errors-To: development-bounces@lists.ipfire.org Sender: "Development" <development-bounces@lists.ipfire.org>
Series	installer: Harden mount options of /boot partition \| installer: Harden mount options of /boot partition

Commit Message

Peter Müller July 28, 2022, 1:28 p.m. UTC

  Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
---
 src/installer/hw.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Michael Tremer July 28, 2022, 7:41 p.m. UTC | #1

Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>

> On 28 Jul 2022, at 14:28, Peter Müller <peter.mueller@ipfire.org> wrote:
> 
> Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
> ---
> src/installer/hw.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/installer/hw.c b/src/installer/hw.c
> index 12f8e793d..0ed6050b3 100644
> --- a/src/installer/hw.c
> +++ b/src/installer/hw.c
> @@ -1,7 +1,7 @@
> /*#############################################################################
> #                                                                             #
> # IPFire - An Open Source Firewall Distribution                               #
> -# Copyright (C) 2014 IPFire development team                                  #
> +# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
> #                                                                             #
> # This program is free software: you can redistribute it and/or modify        #
> # it under the terms of the GNU General Public License as published by        #
> @@ -1134,7 +1134,7 @@ int hw_write_fstab(struct hw_destination* dest) {
> 		uuid = hw_get_uuid(dest->part_boot);
> 
> 		if (uuid) {
> -			fprintf(f, FSTAB_FMT, uuid, "/boot", "auto", "defaults", 1, 2);
> +			fprintf(f, FSTAB_FMT, uuid, "/boot", "auto", "defaults,nodev,noexec,nosuid", 1, 2);
> 			free(uuid);
> 		}
> 	}
> -- 
> 2.35.3

diff mbox series

Patch

diff --git a/src/installer/hw.c b/src/installer/hw.c
index 12f8e793d..0ed6050b3 100644
--- a/src/installer/hw.c
+++ b/src/installer/hw.c
@@ -1,7 +1,7 @@ 
 /*#############################################################################
 #                                                                             #
 # IPFire - An Open Source Firewall Distribution                               #
-# Copyright (C) 2014 IPFire development team                                  #
+# Copyright (C) 2007-2022  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -1134,7 +1134,7 @@  int hw_write_fstab(struct hw_destination* dest) {
 		uuid = hw_get_uuid(dest->part_boot);
 
 		if (uuid) {
-			fprintf(f, FSTAB_FMT, uuid, "/boot", "auto", "defaults", 1, 2);
+			fprintf(f, FSTAB_FMT, uuid, "/boot", "auto", "defaults,nodev,noexec,nosuid", 1, 2);
 			free(uuid);
 		}
 	}