diff options
| author | omni <omni+alpine@hack.org> | 2022-01-27 15:27:57 +0000 |
|---|---|---|
| committer | Ariadne Conill <ariadne@treehouse.systems> | 2022-03-15 16:31:11 +0000 |
| commit | ef67683aa06276bb621149d19ea1c20e6a25e408 (patch) | |
| tree | 6ebebfc52e3f44d8873b4df77646e616ab8ab99d /main/openrc | |
| parent | 408987fb03649502821903800bce6445c236a2c8 (diff) | |
| download | aports-ef67683aa06276bb621149d19ea1c20e6a25e408.zip | |
main/openrc: default mount /dev noexec
Users who still need to be able to exec from /dev can use the following
fstab entry to override the default
devtmpfs /dev devtmpfs exec,nosuid,mode=0755 0 0
Also fix linter SC2035 warning.
Diffstat (limited to 'main/openrc')
| -rw-r--r-- | main/openrc/0010-noexec-devfs.patch | 14 | ||||
| -rw-r--r-- | main/openrc/APKBUILD | 6 |
2 files changed, 18 insertions, 2 deletions
diff --git a/main/openrc/0010-noexec-devfs.patch b/main/openrc/0010-noexec-devfs.patch new file mode 100644 index 00000000000..9a8928c1669 --- /dev/null +++ b/main/openrc/0010-noexec-devfs.patch @@ -0,0 +1,14 @@ +--- a/init.d/devfs.in ++++ b/init.d/devfs.in +@@ -24,8 +24,9 @@ mount_dev() + action=--mount + conf_d_dir="${RC_SERVICE%/*/*}/conf.d" + msg=Mounting +- # Some devices require exec, Bug #92921 +- mountopts="exec,nosuid,mode=0755" ++ # Some devices require exec, https://bugs.gentoo.org/92921 ++ # Users with such requirements can use an fstab entry for /dev ++ mountopts="noexec,nosuid,mode=0755" + if yesno ${skip_mount_dev:-no} ; then + einfo "/dev will not be mounted due to user request" + return 0 diff --git a/main/openrc/APKBUILD b/main/openrc/APKBUILD index a0e2c5b2228..f056eef4e10 100644 --- a/main/openrc/APKBUILD +++ b/main/openrc/APKBUILD @@ -2,7 +2,7 @@ pkgname=openrc pkgver=0.44.10 _ver=${pkgver/_git*/} -pkgrel=2 +pkgrel=3 pkgdesc="OpenRC manages the services, startup and shutdown of a host" url="https://github.com/OpenRC/openrc" arch="all" @@ -27,6 +27,7 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgve 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch 0009-fix-bootmisc-mv-error.patch + 0010-noexec-devfs.patch openrc.logrotate hostname.initd @@ -97,7 +98,7 @@ package() { # additional documentation considered useful mkdir -p "$pkgdir"/usr/share/doc/$pkgname/ - install -m644 ChangeLog *.md "$pkgdir"/usr/share/doc/$pkgname/ + install -m644 ChangeLog ./*.md "$pkgdir"/usr/share/doc/$pkgname/ # we use a virtual keymaps services to allow users to set their # keymaps either with the OpenRC loadkeys service provided by @@ -135,6 +136,7 @@ sha512sums=" 431ac28808e684bea5511386bf5f06efe7f509f1dbe7e15ae6309563d813deae8f3edd872a0943ef8088e3cf778d7bc5ebd15a893dc4a08f4022b7a56bbafc63 0007-Clean-up-staticroute-config-remove-irrelevant-parts-.patch 475f4ea63b9b5d7eb9c623e96b6cc3d3072abcb7194d0045b84e0688836c8514fccfc68b0eae0b4bee60878cdea8042c3ce7e48406ee7a2f0e4a3e128a153468 0008-bootmisc-switch-wipe_tmp-setting-to-no-by-default.patch 354b2df343ddf82aedba104039bbdb1dd5fdd9c4abac52f89e881341443b73fcf000ed9e8b88e9610f1c3218cb89722ff6a774e1ef2f7fe71fa6ff62b75f572b 0009-fix-bootmisc-mv-error.patch +0535d7837ae0c695f25208199f4dec3a4031558366da346a8a1dd13c0fa2a044f14088b75eca37ce0f4a681e85c82b84aac3d65aac9176639e82b33a9355cb2a 0010-noexec-devfs.patch 12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate 493f27d588e64bb2bb542b32493ed05873f4724e8ad1751002982d7b4e07963cfb72f93603b2d678f305177cf9556d408a87b793744c6b7cd46cf9be4b744c02 hostname.initd c06eac7264f6cc6888563feeae5ca745aae538323077903de1b19102e4f16baa34c18b8c27af5dd5423e7670834e2261e9aa55f2b1ec8d8fdc2be105fe894d55 hwdrivers.initd |