improve remount-secure

2025-02-25 21:51:10 -05:00 · 2023-10-22 10:32:24 -04:00 · 2023-10-22 10:32:24 -04:00 · 41077c94fb
commit 41077c94fb
parent ef69e512bd
1 changed files with 20 additions and 12 deletions
--- a/usr/bin/remount-secure
+++ b/usr/bin/remount-secure
@ -32,6 +32,7 @@ init() {
   ## Debugging.
   $output_command "INFO: mount_output:"
   $output_command "$mount_output"
   $output_command ""
 }
 parse_options() {
@ -70,6 +71,8 @@ parse_options() {
 }
 remount_secure() {
   $output_command ""
   ## ${FUNCNAME[1]} is the name of the calling function. I.e. the function
   ## which called this function.
   status_file_name="${FUNCNAME[1]}"
@ -83,8 +86,10 @@ remount_secure() {
   ## example old_mount_options:
   ## rw,nosuid,nodev,relatime,discard
-   if echo "$old_mount_options" | grep --quiet "$new_mount_options" ; then
+   $output_command "INFO: '$mount_folder' old_mount_options: '$old_mount_options'"
-      $output_command "INFO: $mount_folder has already intended mount options. ($new_mount_options)"
+
   if echo "$old_mount_options" | grep --quiet "$intended_mount_options" ; then
      $output_command "INFO: '$mount_folder' has already intended mount options. ($intended_mount_options)"
      return 0
   fi
@ -93,7 +98,7 @@ remount_secure() {
   if [ "$option_force" == "true" ]; then
      if [ -e "$status_file_full_path" ]; then
-         $output_command "INFO: $mount_folder already remounted earlier. Not remounting again. Use --force if this is what you want."
+         $output_command "INFO: '$mount_folder' already remounted earlier. Not remounting again. Use --force if this is what you want."
         return 0
      fi
   fi
@ -101,39 +106,42 @@ remount_secure() {
   ## BUG: echo: write error: Broken pipe
   if echo "$mount_output" | grep --quiet "$mount_folder " ; then
      ## Already mounted. Using remount.
-      $output_command INFO: Executing: mount -o "remount,${new_mount_options}" "$mount_folder"
+      $output_command INFO: Executing: mount -o "remount,${intended_mount_options}" "$mount_folder"
-      mount -o "remount,${new_mount_options}" "$mount_folder" || exit_code=100
+      mount -o "remount,${intended_mount_options}" "$mount_folder" || exit_code=100
   else
      ## Not yet mounted. Using mount bind.
-      $output_command INFO: Executing: mount -o "$new_mount_options" --bind "$mount_folder" "$mount_folder"
+      $output_command INFO: Executing: mount -o "$intended_mount_options" --bind "$mount_folder" "$mount_folder"
-      mount -o "$new_mount_options" --bind "$mount_folder" "$mount_folder" || exit_code=101
+      mount -o "$intended_mount_options" --bind "$mount_folder" "$mount_folder" || exit_code=101
   fi
   new_mount_options="$(findmnt --noheadings --output options -- "$mount_folder")" || true
   $output_command "INFO: '$mount_folder' new_mount_options: '$new_mount_options'"
   touch "$status_file_full_path"
 }
 _home() {
   mount_folder="/home"
-   new_mount_options="nosuid,nodev${noexec_maybe}"
+   intended_mount_options="nosuid,nodev${noexec_maybe}"
   remount_secure "$@"
 }
 _run() {
   mount_folder="/run"
   ## https://lists.freedesktop.org/archives/systemd-devel/2015-February/028456.html
-   new_mount_options="nosuid,nodev${noexec_maybe}"
+   intended_mount_options="nosuid,nodev${noexec_maybe}"
   remount_secure "$@"
 }
 _dev_shm() {
   mount_folder="/dev/shm"
-   new_mount_options="nosuid,nodev${noexec_maybe}"
+   intended_mount_options="nosuid,nodev${noexec_maybe}"
   remount_secure "$@"
 }
 _tmp() {
   mount_folder="/tmp"
-   new_mount_options="nosuid,nodev${noexec_maybe}"
+   intended_mount_options="nosuid,nodev${noexec_maybe}"
   remount_secure "$@"
 }
@ -141,7 +149,7 @@ _tmp() {
 # _lib() {
 #    mount_folder="/lib"
 #    ## Not using noexec on /lib.
-#    new_mount_options="nosuid,nodev"
+#    intended_mount_options="nosuid,nodev"
 #    remount_secure "$@"
 # }