Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-03 01:14:48 -04:00
Code Issues Projects Releases Packages Wiki Activity

remount /sys/kernel/security with nodev,nosuid[,noexec]

Browse source 
as suggested by @madaidan

http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238
This commit is contained in:
Patrick Schleizer 2019-12-16 03:52:09 -05:00
parent 2c4170e6f3
commit f68efd53cf
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
1 changed files with 9 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

9
usr/lib/security-misc/remount-secure
View file

@ -68,6 +68,14 @@ tmp() {
touch "/var/run/remount-secure/${FUNCNAME}"
}
securityfs() {
if [ -e "/var/run/remount-secure/${FUNCNAME}" ]; then
return 0
fi
mount -o nosuid,nodev${noexec_maybe} --bind /tmp /tmp || exit_code=5
touch "/var/run/remount-secure/${FUNCNAME}"
}
end() {
exit $exit_code
}
@ -77,6 +85,7 @@ main() {
run "$@"
shm "$@"
tmp "$@"
securityfs "$@"
end "$@"
}