Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-01-27 11:27:05 -05:00
Code Issues Packages Projects Releases Wiki Activity

usrmerge

Browse Source 
https://github.com/Kicksecure/security-misc/issues/157
This commit is contained in:
Patrick Schleizer 2023-12-25 09:27:45 -05:00
parent 269fada14a
commit b0dd967611
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
2 changed files with 0 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
usr/bin/remount-secure
View File

@ -255,17 +255,6 @@ _var() {
remount_secure remount_secure
} }
_lib() {
mount_folder="$NEWROOT/lib"
## Cannot use noexec on /lib as per:
## https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707/25
## There are many executables in /lib. To check:
## sudo find /var/lib -type f -executable
## sudo find /var/lib -type f -executable ! -type l
intended_mount_options="nosuid,nodev"
remount_secure
}
_home() { _home() {
mount_folder="$NEWROOT/home" mount_folder="$NEWROOT/home"
intended_mount_options="nosuid,nodev${home_noexec_maybe}" intended_mount_options="nosuid,nodev${home_noexec_maybe}"

2
usr/share/doc/security-misc/fstab-vm
View File

@ -13,8 +13,6 @@ proc /proc pr
/boot /boot none bind,remount,nosuid,nodev,noexec 0 0 /boot /boot none bind,remount,nosuid,nodev,noexec 0 0
/lib /lib none bind,remount,nosuid,nodev 0 0
## noexec optional ## noexec optional
/tmp /tmp none bind,remount,nosuid,nodev,noexec 0 0 /tmp /tmp none bind,remount,nosuid,nodev,noexec 0 0