base/init.sh: don't mount /run with noexec, if the initramfs lives there

If the initramfs was built with prefix=/run/... /run can't be mounted
with noexec, otherwise no binary can be run.

Guard against it by looking where /bin/sh is really located.

diff --git a/modules.d/99base/init.sh b/modules.d/99base/init.sh
index bd7ef706454c142a635138fc57bd3faad8eb1dd9..a5633936aa203860e2d60964ac837f95a1a2fe3e 100755 (executable)
--- a/modules.d/99base/init.sh
+++ b/modules.d/99base/init.sh
@@ -64,7 +64,12 @@ fi
 
 if ! ismounted /run; then
     mkdir -m 0755 /newrun
-    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    if ! str_starts "$(readlink -f /bin/sh)" "/run/"; then
+        mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    else
+        # the initramfs binaries are located in /run, so don't mount it with noexec
+        mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    fi
     cp -a /run/* /newrun >/dev/null 2>&1
     mount --move /newrun /run
     rm -fr -- /newrun