From: Nikoli <nikoli@gmx.us>
Date: Sat, 15 Nov 2014 14:01:18 +0000 (+0300)
Subject: Mount /dev, /dev/shm and /run noexec
X-Git-Tag: 042~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c4184b5cf1b4892712de1370f8d2d92e5cc2e705;p=thirdparty%2Fdracut.git

Mount /dev, /dev/shm and /run noexec
---

diff --git a/modules.d/99base/init.sh b/modules.d/99base/init.sh
index f4291c4e0..f96dbb506 100755
--- a/modules.d/99base/init.sh
+++ b/modules.d/99base/init.sh
@@ -38,7 +38,7 @@ RD_DEBUG=""
 setdebug
 
 if ! ismounted /dev; then
-    mount -t devtmpfs -o mode=0755,nosuid,strictatime devtmpfs /dev >/dev/null
+    mount -t devtmpfs -o mode=0755,noexec,nosuid,strictatime devtmpfs /dev >/dev/null
 fi
 
 if ! ismounted /dev; then
@@ -59,12 +59,12 @@ fi
 
 if ! ismounted /dev/shm; then
     mkdir -m 0755 /dev/shm
-    mount -t tmpfs -o mode=1777,nosuid,nodev,strictatime tmpfs /dev/shm >/dev/null
+    mount -t tmpfs -o mode=1777,noexec,nosuid,nodev,strictatime tmpfs /dev/shm >/dev/null
 fi
 
 if ! ismounted /run; then
     mkdir -m 0755 /newrun
-    mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
     cp -a /run/* /newrun >/dev/null 2>&1
     mount --move /newrun /run
     rm -fr -- /newrun