From: Harald Hoyer
Date: Thu, 11 Nov 2010 09:58:38 +0000 (+0100)
Subject: base/init: merge mkdir and add more mount options
X-Git-Tag: 008~39
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=4af673c3f8626872f1f638e4df2c6fab9a0d45ef;p=thirdparty%2Fdracut.git
base/init: merge mkdir and add more mount options
---
diff --git a/modules.d/99base/init b/modules.d/99base/init
index ef96918e9..bc5dc7f28 100755
--- a/modules.d/99base/init
+++ b/modules.d/99base/init
@@ -75,17 +75,17 @@ RDDEBUG=""
 [ -c /dev/null ] || mknod -m 0666 /dev/null c 1 3
 # mount some important things
-mount -t proc /proc /proc >/dev/null 2>&1
-mount -t sysfs /sys /sys >/dev/null 2>&1
+mount -t proc -o nosuid,noexec,nodev /proc /proc >/dev/null 2>&1
+mount -t sysfs -o nosuid,noexec,nodev /sys /sys >/dev/null 2>&1
 read RD_TIMESTAMP _tmp < /proc/uptime
 unset _tmp
 if [ ! -c /dev/ptmx ]; then
 # try to mount devtmpfs
- if ! mount -t devtmpfs -omode=0755 udev /dev >/dev/null 2>&1; then
+ if ! mount -t devtmpfs -o mode=0755,nosuid udev /dev >/dev/null 2>&1; then
 # if it failed fall back to normal tmpfs
- mount -t tmpfs -omode=0755 udev /dev >/dev/null 2>&1
+ mount -t tmpfs -o mode=0755,nosuid udev /dev >/dev/null 2>&1
 # Make some basic devices first, let udev handle the rest
 mknod -m 0666 /dev/null c 1 3
 mknod -m 0666 /dev/ptmx c 5 2
@@ -94,10 +94,14 @@ if [ ! -c /dev/ptmx ]; then
 fi
 fi
+# prepare the /dev directory
 ln -s /proc/self/fd /dev/fd >/dev/null 2>&1
 ln -s /proc/self/fd/0 /dev/stdin >/dev/null 2>&1
 ln -s /proc/self/fd/1 /dev/stdout >/dev/null 2>&1
 ln -s /proc/self/fd/2 /dev/stderr >/dev/null 2>&1
+mkdir -m 0755 /dev/shm /dev/pts /dev/.udev /dev/.udev/rules.d /dev/.initramfs
+mount -t devpts -o gid=5,mode=620,noexec,nosuid devpts /dev/pts >/dev/null 2>&1
+mount -t tmpfs -o mode=1777,noexec,nosuid,nodev tmpfs /dev/shm >/dev/null 2>&1
 if getargbool 0 rd.debug -y rdinitdebug -y rdnetdebug; then
 getarg quiet && DRACUT_QUIET="yes"
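Review bot: The two `/dev` mounts (devtmpfs and the tmpfs fallback) get only `nosuid`, while `/proc` and `/sys` a few lines above get `nosuid,noexec,nodev`, and nothing in the hunk says why they differ. `nodev` obviously cannot apply to `/dev`, but whether `noexec` was left out on purpose is not visible here, so a later reader cannot tell a deliberate exception from an oversight. I would add a comment above the devtmpfs mount along the lines of `# /dev holds device nodes, so nodev cannot be used; noexec is left out because <reason>`, with the reason filled in by the author. The `if [ ! -c /dev/ptmx ]` block that contains these mounts starts in this hunk and ends outside it.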
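Review bot: The merged `mkdir -m 0755 /dev/shm /dev/pts /dev/.udev /dev/.udev/rules.d /dev/.initramfs` drops the `-p` that the old calls for `/dev/.udev/rules.d` and `/dev/.initramfs` used (both removed in the later hunks), and unlike the neighbouring `ln` and `mount` lines its output is not discarded. If any of these directories already exists when init runs, which the `[ ! -c /dev/ptmx ]` test above suggests can happen when `/dev` is already populated, `mkdir` will report an error for each one. Keeping the flag, `mkdir -p -m 0755 /dev/shm /dev/pts /dev/.udev /dev/.udev/rules.d /dev/.initramfs`, preserves the earlier tolerant behaviour, and the explicit `/dev/.udev` operand still gives the parent mode 0755 rather than the umask default. Separately, `/dev/.initramfs` is now created unconditionally with mode 0755, so it is worth confirming that the state copied there under `rd.copystate` contains nothing that should not be readable by every user.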
@@ -110,11 +114,6 @@ fi
 setdebug
-mkdir /dev/shm /dev/pts
-mkdir -p -m 0755 /dev/.udev/rules.d
-mount -t devpts -o gid=5,mode=620 devpts /dev/pts >/dev/null 2>&1
-mount -t tmpfs tmpfs /dev/shm >/dev/null 2>&1
-
 UDEVVERSION=$(udevadm --version)
 source_conf /etc/conf.d
@@ -313,7 +312,6 @@ fi
 # Debug: Copy state
 if getargbool 0 rd.copystate -y rdcopystate; then
- mkdir -p /dev/.initramfs
 cp /tmp/* /dev/.initramfs/ >/dev/null 2>&1
 fi