Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-06-19 18:24:09 -04:00
Code Issues Projects Releases Packages Wiki Activity

fix, rework remount-secure kernel parameters parsing

Browse source
This commit is contained in:
Patrick Schleizer 2023-10-22 13:25:31 -04:00
parent b0181af099
commit 4288e10554
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
2 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

2
etc/default/grub.d/40_remmount-secure.cfg
View file

@ -7,4 +7,4 @@
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=1" #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=1"
## Re-mount with nodev, nosuid, noexec. ## Re-mount with nodev, nosuid, noexec.
#GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountnoexec=1" #GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX remountsecure=noexec"

10
usr/lib/dracut/modules.d/20remount-secure/remount-secure.sh
View file

@ -7,10 +7,12 @@
## options based on kernel command line parameters. ## options based on kernel command line parameters.
remount_hook() { remount_hook() {
local remount_action local remountsecure_action
remount_action=$(getarg remountsecure) ## getarg returns the last parameter only.
## if /proc/cmdline contains 'remountsecure=0 remountsecure=1 remountsecure=noexec' the last one wins.
remountsecure_action=$(getarg remountsecure)
if getargbool 1 remountnoexec; then if [ "$remountsecure_action" = "1" ]; then
if ! remount-secure --remountnoexec ; then if ! remount-secure --remountnoexec ; then
warn "'remount-secure --remountnoexec' failed." warn "'remount-secure --remountnoexec' failed."
return 1 return 1
@ -19,7 +21,7 @@ remount_hook() {
return 0 return 0
fi fi
if getargbool 1 remountsecure; then if [ "$remountsecure_action" = "noexec" ]; then
if ! remount-secure ; then if ! remount-secure ; then
warn "'remount-secure' failed." warn "'remount-secure' failed."
return 1 return 1