mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-03-10 04:48:10 +07:00
Code Issues Packages Projects Releases Wiki Activity

remount /lib with nosuid,nodev

Browse Source 
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/22
This commit is contained in:
Patrick Schleizer 2019-12-20 05:27:11 -05:00
parent 7f20160477
commit af0f074987
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
usr/lib/security-misc/remount-secure
View File

@ -76,6 +76,15 @@ securityfs() {
touch "/var/run/remount-secure/${FUNCNAME}" touch "/var/run/remount-secure/${FUNCNAME}"
} }
lib() {
if [ -e "/var/run/remount-secure/${FUNCNAME}" ]; then
return 0
fi
## Not using noexec on /lib.
mount -o nosuid,nodev --bind /lib /lib || exit_code=7
touch "/var/run/remount-secure/${FUNCNAME}"
}
end() { end() {
exit $exit_code exit $exit_code
} }
@ -86,6 +95,7 @@ main() {
shm "$@" shm "$@"
tmp "$@" tmp "$@"
securityfs "$@" securityfs "$@"
lib "$@"
end "$@" end "$@"
} }