mount-setup: disable device, execution, suid on device file systems

author Lennart Poettering <lennart@poettering.net>

Sat, 10 Apr 2010 19:46:51 +0000 (21:46 +0200)

committer Lennart Poettering <lennart@poettering.net>

Sat, 10 Apr 2010 19:46:51 +0000 (21:46 +0200)
author Lennart Poettering <lennart@poettering.net>
Sat, 10 Apr 2010 19:46:51 +0000 (21:46 +0200)
committer Lennart Poettering <lennart@poettering.net>
Sat, 10 Apr 2010 19:46:51 +0000 (21:46 +0200)
diff --git a/mount-setup.c b/mount-setup.c

index 8cb77669f36740a359011daa6c031b894d81b8a5..8ad37f860b50f88c80975838a3a6cf46e6ce5897 100644 (file)
--- a/mount-setup.c
+++ b/mount-setup.c
@@ -43,8 +43,8 @@ enum {
  static const char *table[] = {
          "proc",    "/proc",             "proc",     NULL,
          "sysfs",   "/sys",              "sysfs",    NULL,
  static const char *table[] = {
          "proc",    "/proc",             "proc",     NULL,
          "sysfs",   "/sys",              "sysfs",    NULL,
-        "devtmps", "/dev",              "devtmpfs", "mode=755",
-        "tmpfs",   "/dev/shm",          "tmpfs",    "mode=1777",
+        "devtmps", "/dev",              "devtmpfs", "mode=755,noexec,nosuid",
+        "tmpfs",   "/dev/shm",          "tmpfs",    "mode=1777,nodev,noexec,nosuid",
          "devpts",  "/dev/pts",          "devpts",   NULL,
          "cgroup",  "/cgroup/debug",     "cgroup",   "debug",
          "debugfs", "/sys/kernel/debug", "debugfs",  NULL,
          "devpts",  "/dev/pts",          "devpts",   NULL,
          "cgroup",  "/cgroup/debug",     "cgroup",   "debug",
          "debugfs", "/sys/kernel/debug", "debugfs",  NULL,
author	Lennart Poettering <lennart@poettering.net>
	Sat, 10 Apr 2010 19:46:51 +0000 (21:46 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Sat, 10 Apr 2010 19:46:51 +0000 (21:46 +0200)