Reduce the number of filesystems we remount noexec/nosuid/nodev when root

author Daan De Meyer <daan.j.demeyer@gmail.com>

Fri, 21 Feb 2025 09:57:39 +0000 (10:57 +0100)

committer Jörg Behrmann <behrmann@physik.fu-berlin.de>

Fri, 21 Feb 2025 11:16:23 +0000 (12:16 +0100)
author Daan De Meyer <daan.j.demeyer@gmail.com>
Fri, 21 Feb 2025 09:57:39 +0000 (10:57 +0100)
committer Jörg Behrmann <behrmann@physik.fu-berlin.de>
Fri, 21 Feb 2025 11:16:23 +0000 (12:16 +0100)
diff --git a/mkosi/__init__.py b/mkosi/__init__.py

index 9c52fcc25b400aa0925eabf9f75bf6848fa05065..b8abba0451acc347452cf4010334cc4a98bd8f6b 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -4894,7 +4894,7 @@ def run_build(
                  continue
  
              attrs = MOUNT_ATTR_RDONLY
-            if d not in ("/usr", "/opt"):
+            if d in ("/boot", "/efi"):
                  attrs |= MOUNT_ATTR_NOSUID | MOUNT_ATTR_NODEV | MOUNT_ATTR_NOEXEC
  
              mount_rbind(d, d, attrs)
author	Daan De Meyer <daan.j.demeyer@gmail.com>
	Fri, 21 Feb 2025 09:57:39 +0000 (10:57 +0100)
committer	Jörg Behrmann <behrmann@physik.fu-berlin.de>
	Fri, 21 Feb 2025 11:16:23 +0000 (12:16 +0100)