mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-12-23 01:03:35 +07:00
Code Issues Packages Projects Releases Wiki Activity

fix, rework remount-secure kernel parameters parsing

Browse Source
This commit is contained in:
Patrick Schleizer 2023-10-22 13:25:31 -04:00
parent b0181af099
commit 4288e10554
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
etc/default/grub.d/40_remmount-secure.cfg
View File

@ -7,4 +7,4 @@
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=1"
## Re-mount with nodev, nosuid, noexec.
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountnoexec=1"
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=noexec"

10
usr/lib/dracut/modules.d/20remount-secure/remount-secure.sh
View File

@ -7,10 +7,12 @@
## options based on kernel command line parameters.
remount_hook() {
local remount_action
remount_action=$(getarg remountsecure)
local remountsecure_action
## getarg returns the last parameter only.
## if /proc/cmdline contains 'remountsecure=0 remountsecure=1 remountsecure=noexec' the last one wins.
remountsecure_action=$(getarg remountsecure)
if getargbool 1 remountnoexec; then
if [ "$remountsecure_action" = "1" ]; then
if ! remount-secure --remountnoexec ; then
warn "'remount-secure --remountnoexec' failed."
return 1
@ -19,7 +21,7 @@ remount_hook() {
return 0
fi
if getargbool 1 remountsecure; then
if [ "$remountsecure_action" = "noexec" ]; then
if ! remount-secure ; then
warn "'remount-secure' failed."
return 1