[Pkg-sysvinit-devel] Bug#378280: Too many capabilities on virtual
filesystems
Petter Reinholdtsen
pere at hungry.com
Wed Aug 2 23:13:15 UTC 2006
tags 378280 + patch
thanks
I believe this patch should fix it, at least for /proc/, /sys/ and
/proc/bus/usb/. Bug #378182 is a similar request for /dev/shm/, so I
guess that only leaves /dev/pts/ of the virtual file systems mounted
with full capabilities. At least for those mounted in the base
system.
Index: debian/initscripts/etc/init.d/mountkernfs.sh
===================================================================
--- debian/initscripts/etc/init.d/mountkernfs.sh (revisjon 813)
+++ debian/initscripts/etc/init.d/mountkernfs.sh (arbeidskopi)
@@ -23,7 +23,7 @@
#
# Mount proc filesystem on /proc
#
- domount proc "" /proc
+ domount proc "" /proc -onoexec,nosuid,nodev
#
# Mount sysfs on /sys
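Review bot: On the `domount proc "" /proc -onoexec,nosuid,nodev` line, the new options only help if domount actually performs the mount, and nothing in this hunk shows what domount does when /proc is already mounted before this script runs. If it skips the mount in that case, /proc would keep its original options with no warning. Please confirm that path, and consider a remount with the same options when the filesystem is already present.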
@@ -31,7 +31,7 @@
# Only mount sysfs if it is supported (kernel >= 2.6)
if grep -E -qs "sysfs\$" /proc/filesystems
then
- domount sysfs "" /sys
+ domount sysfs "" /sys -onoexec,nosuid,nodev
fi
#
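Review bot: The literal `-onoexec,nosuid,nodev` on the `domount sysfs "" /sys` line is the same string already added for /proc and added again for /proc/bus/usb, so a later change to the policy has to touch three places. Suggest defining it once near the top of the script in a variable and passing that to each domount call, with a one-line comment naming Bug#378280 as the reason. The existing comment here only explains the kernel version check, not the mount options.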
@@ -46,7 +46,7 @@
#
if [ -d /proc/bus/usb ]
then
- domount usbfs usbdevfs /proc/bus/usb
+ domount usbfs usbdevfs /proc/bus/usb -onoexec,nosuid,nodev
fi
}
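Review bot: On the `domount usbfs usbdevfs /proc/bus/usb -onoexec,nosuid,nodev` line, nodev is the option most likely to change behaviour, because programs open the per-device files under this mount point to talk to USB hardware. The patch and its description give no sign that this was tested with such a program. Please state in the changelog that USB device access was verified with the new options, or drop nodev from this one mount until it has been.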