mirror of
https://github.com/Kicksecure/security-misc.git
synced 2025-06-29 12:37:11 -04:00
37 lines
1 KiB
Bash
Executable file
37 lines
1 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
## Copyright (C) 2023 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
|
|
## See the file COPYING for copying conditions.
|
|
|
|
## This script is intended to remount specified mount points with more secure
|
|
## options based on kernel command line parameters.
|
|
|
|
remount_hook() {
|
|
local remountsecure_action
|
|
## getarg returns the last parameter only.
|
|
## if /proc/cmdline contains 'remountsecure=0 remountsecure=1 remountsecure=noexec' the last one wins.
|
|
remountsecure_action=$(getarg remountsecure)
|
|
|
|
if [ "$remountsecure_action" = "1" ]; then
|
|
if ! remount-secure --remountnoexec ; then
|
|
warn "'remount-secure --remountnoexec' failed."
|
|
return 1
|
|
fi
|
|
info "'remount-secure --remountnoexec' success."
|
|
return 0
|
|
fi
|
|
|
|
if [ "$remountsecure_action" = "noexec" ]; then
|
|
if ! remount-secure ; then
|
|
warn "'remount-secure' failed."
|
|
return 1
|
|
fi
|
|
info "'remount-secure' success."
|
|
return 0
|
|
fi
|
|
|
|
warn "Not using remount-secure."
|
|
return 1
|
|
}
|
|
|
|
remount_hook
|