[ -c /dev/null ] || mknod -m 0666 /dev/null c 1 3
# mount some important things
-mount -t proc /proc /proc >/dev/null 2>&1
-mount -t sysfs /sys /sys >/dev/null 2>&1
+mount -t proc -o nosuid,noexec,nodev /proc /proc >/dev/null 2>&1
+mount -t sysfs -o nosuid,noexec,nodev /sys /sys >/dev/null 2>&1
read RD_TIMESTAMP _tmp < /proc/uptime
unset _tmp
if [ ! -c /dev/ptmx ]; then
# try to mount devtmpfs
- if ! mount -t devtmpfs -omode=0755 udev /dev >/dev/null 2>&1; then
+ if ! mount -t devtmpfs -o mode=0755,nosuid udev /dev >/dev/null 2>&1; then
# if it failed fall back to normal tmpfs
- mount -t tmpfs -omode=0755 udev /dev >/dev/null 2>&1
+ mount -t tmpfs -o mode=0755,nosuid udev /dev >/dev/null 2>&1
# Make some basic devices first, let udev handle the rest
mknod -m 0666 /dev/null c 1 3
mknod -m 0666 /dev/ptmx c 5 2
fi
fi
+# prepare the /dev directory
ln -s /proc/self/fd /dev/fd >/dev/null 2>&1
ln -s /proc/self/fd/0 /dev/stdin >/dev/null 2>&1
ln -s /proc/self/fd/1 /dev/stdout >/dev/null 2>&1
ln -s /proc/self/fd/2 /dev/stderr >/dev/null 2>&1
+mkdir -m 0755 /dev/shm /dev/pts /dev/.udev /dev/.udev/rules.d /dev/.initramfs
+mount -t devpts -o gid=5,mode=620,noexec,nosuid devpts /dev/pts >/dev/null 2>&1
+mount -t tmpfs -o mode=1777,noexec,nosuid,nodev tmpfs /dev/shm >/dev/null 2>&1
if getargbool 0 rd.debug -y rdinitdebug -y rdnetdebug; then
getarg quiet && DRACUT_QUIET="yes"
setdebug
-mkdir /dev/shm /dev/pts
-mkdir -p -m 0755 /dev/.udev/rules.d
-mount -t devpts -o gid=5,mode=620 devpts /dev/pts >/dev/null 2>&1
-mount -t tmpfs tmpfs /dev/shm >/dev/null 2>&1
-
UDEVVERSION=$(udevadm --version)
source_conf /etc/conf.d
# Debug: Copy state
if getargbool 0 rd.copystate -y rdcopystate; then
- mkdir -p /dev/.initramfs
cp /tmp/* /dev/.initramfs/ >/dev/null 2>&1
fi
projects / thirdparty / dracut.git / commitdiff
