Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

remount /sys/kernel/security with nodev,nosuid[,noexec]

Browse Source 
as suggested by @madaidan

http://forums.whonix.org/t/apparmor-for-complete-system-including-init-pid1-systemd-everything-full-system-mac-policy/8339/238
This commit is contained in:
Patrick Schleizer 2019-12-16 03:52:09 -05:00
parent 2c4170e6f3
commit f68efd53cf
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
usr/lib/security-misc/remount-secure
View File

@ -68,6 +68,14 @@ tmp() {
touch "/var/run/remount-secure/${FUNCNAME}" touch "/var/run/remount-secure/${FUNCNAME}"
} }
securityfs() {
if [ -e "/var/run/remount-secure/${FUNCNAME}" ]; then
return 0
fi
mount -o nosuid,nodev${noexec_maybe} --bind /tmp /tmp || exit_code=5
touch "/var/run/remount-secure/${FUNCNAME}"
}
end() { end() {
exit $exit_code exit $exit_code
} }
@ -77,6 +85,7 @@ main() {
run "$@" run "$@"
shm "$@" shm "$@"
tmp "$@" tmp "$@"
securityfs "$@"
end "$@" end "$@"
} }