Core Update 170: Harden mount options of /boot on existing installations

The second version of this patch uses @ instead of / for sed delimiters,
which makes the command less hard to read. Since Core Update 170 already
requires a reboot at this point, the respective directive is omitted.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>

diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/update.sh
index 8dc99e5d8ecbfdb3062e903b506d5d3c98e9a593..9e96e3467129efb40dc32cca837b25a2b31b1b7d 100644 (file)
--- a/config/rootfiles/core/170/update.sh
+++ b/config/rootfiles/core/170/update.sh
@@ -123,6 +123,9 @@ sed -i /etc/collectd.conf \
 /etc/init.d/rc.d/unbound start
 /etc/init.d/rc.d/suricata restart
 
+# Harden mount options of /boot
+sed -e -i "s@[[:space:]]*\/boot[[:space:]]*auto[[:space:]]*defaults[[:space:]]*@ \/boot    auto defaults,nodev,noexec,nosuid   @g" /etc/fstab
+
 # This update needs a reboot...
 touch /var/run/need_reboot