|
 |
b386772 |
From db7d61cff7f5a5be3a56cff39dc278f004b9c461 Mon Sep 17 00:00:00 2001
|
|
|
b386772 |
From: Harald Hoyer <harald@redhat.com>
|
|
|
b386772 |
Date: Thu, 14 Apr 2016 14:56:37 +0200
|
|
|
b386772 |
Subject: [PATCH] base/init.sh: don't mount /run with noexec, if the initramfs
|
|
|
b386772 |
lives there
|
|
|
b386772 |
|
|
|
b386772 |
If the initramfs was built with prefix=/run/... /run can't be mounted
|
|
|
b386772 |
with noexec, otherwise no binary can be run.
|
|
|
b386772 |
|
|
|
b386772 |
Guard against it by looking where /bin/sh is really located.
|
|
|
b386772 |
---
|
|
|
b386772 |
modules.d/99base/init.sh | 7 ++++++-
|
|
|
b386772 |
1 file changed, 6 insertions(+), 1 deletion(-)
|
|
|
b386772 |
|
|
|
b386772 |
diff --git a/modules.d/99base/init.sh b/modules.d/99base/init.sh
|
|
|
b386772 |
index bd7ef70..a563393 100755
|
|
|
b386772 |
--- a/modules.d/99base/init.sh
|
|
|
b386772 |
+++ b/modules.d/99base/init.sh
|
|
|
b386772 |
@@ -64,7 +64,12 @@ fi
|
|
|
b386772 |
|
|
|
b386772 |
if ! ismounted /run; then
|
|
|
b386772 |
mkdir -m 0755 /newrun
|
|
|
b386772 |
- mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
|
|
|
b386772 |
+ if ! str_starts "$(readlink -f /bin/sh)" "/run/"; then
|
|
|
b386772 |
+ mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
|
|
|
b386772 |
+ else
|
|
|
b386772 |
+ # the initramfs binaries are located in /run, so don't mount it with noexec
|
|
|
b386772 |
+ mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
|
|
|
b386772 |
+ fi
|
|
|
b386772 |
cp -a /run/* /newrun >/dev/null 2>&1
|
|
|
b386772 |
mount --move /newrun /run
|
|
|
b386772 |
rm -fr -- /newrun
|