#!/bin/sh
## Copyright (C) 2023 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.
## This script is intended to remount specified mount points with more secure
## options based on kernel command line parameters.
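## Remount mount points with more secure options when requested through the
## 'remountsecure' kernel command line parameter.
##
## Dispatch on the value returned by 'getarg remountsecure':
##   1       -> remount-secure
##   noexec  -> remount-secure --remountnoexec
##   other   -> nothing is remounted
##
## Returns: 0 if remount-secure ran and succeeded,
##          1 if it failed or was not run at all.
remount_hook() {
  local remountsecure_action

  ## getarg returns the last parameter only.
  ## if /proc/cmdline contains 'remountsecure=0 remountsecure=1 remountsecure=noexec' the last one wins.
  remountsecure_action=$(getarg remountsecure)

  case "$remountsecure_action" in
    1)
      if ! remount-secure; then
        warn "$0: ERROR: 'remount-secure' failed."
        return 1
      fi
      info "$0: INFO: 'remount-secure' success."
      return 0
      ;;
    noexec)
      if ! remount-secure --remountnoexec; then
        warn "$0: ERROR: 'remount-secure --remountnoexec' failed."
        return 1
      fi
      info "$0: INFO: 'remount-secure --remountnoexec' success."
      return 0
      ;;
    '' | 0)
      ## Parameter absent, empty or explicitly 0: hardening was not requested.
      warn "$0: WARNING: Not using remount-secure."
      return 1
      ;;
    *)
      ## Any other value also leaves the mounts unhardened. Name the value in
      ## the warning so a misspelled parameter (for example 'noexe') shows up
      ## in the boot log instead of looking like a deliberate opt-out.
      warn "$0: WARNING: Unrecognized 'remountsecure=$remountsecure_action' (expected 0, 1 or noexec). Not using remount-secure."
      return 1
      ;;
  esac
}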
## Run the hook as soon as this file is executed or sourced; its return status
## (0 = remount-secure succeeded, 1 = failed or not run) is the last status here.
remount_hook