From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 2 Mar 2018 11:55:24 +0000 (+0100)
Subject: mount-setup: change bpf mount mode to 0700 (#8334)
X-Git-Tag: v238~21
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=39f305a901934dfcc064cffd4e419b92d90b02c0;p=thirdparty%2Fsystemd.git

mount-setup: change bpf mount mode to 0700 (#8334)

After discussing with the kernel folks, we agreed to default to 0700 for
this. Better safe than sorry.
---

diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index d050dccd9d5..536c17b4d56 100644
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -118,7 +118,7 @@ static const MountPoint mount_table[] = {
         { "efivarfs",    "/sys/firmware/efi/efivars", "efivarfs",   NULL,                      MS_NOSUID|MS_NOEXEC|MS_NODEV,
           is_efi_boot,   MNT_NONE                   },
 #endif
-        { "bpf",         "/sys/fs/bpf",               "bpf",        NULL,                      MS_NOSUID|MS_NOEXEC|MS_NODEV,
+        { "bpf",         "/sys/fs/bpf",               "bpf",        "mode=700",                MS_NOSUID|MS_NOEXEC|MS_NODEV,
           NULL,          MNT_NONE,                  },
 };