[systemd-devel] [PATCH 5/6] mount /run without "noexec"
harald at redhat.com
harald at redhat.com
Tue May 31 08:06:59 PDT 2011
From: Harald Hoyer <harald at redhat.com>
Signed-off-by: Harald Hoyer <harald at redhat.com>
---
src/mount-setup.c | 2 +-
src/nspawn.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/mount-setup.c b/src/mount-setup.c
index 48c32ea..27c0edd 100644
--- a/src/mount-setup.c
+++ b/src/mount-setup.c
@@ -54,7 +54,7 @@ static const MountPoint mount_table[] = {
{ "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID, true },
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV, true },
{ "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false },
- { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
+ { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV, true },
{ "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
};
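Review bot: The new `/run` entry drops `MS_NOEXEC` with no comment in the table and no rationale in the commit message, so nothing records why an executable tmpfs is needed here or what must stay true for it to be safe. With `mode=755` the top level is writable only by root, and `MS_NOSUID|MS_NODEV` are kept, but any directory later created below `/run` with wider permissions becomes a place where unprivileged users can both write and execute files unless it gets its own `noexec` mount. I would add a comment above the entry, e.g. `/* /run is exec-capable because <reason>; user-writable subdirectories must be mounted noexec separately */`, and state the reason in the commit message. The same applies to the `/run` entry in `mount_all()` in src/nspawn.c; `mount_table` starts above this hunk and `mount_all()` continues past its hunk.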
diff --git a/src/nspawn.c b/src/nspawn.c
index 969c961..b5908d6 100644
--- a/src/nspawn.c
+++ b/src/nspawn.c
@@ -117,7 +117,7 @@ static int mount_all(const char *dest) {
{ "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, true },
{ "tmpfs", "/dev", "tmpfs", "mode=755", MS_NOSUID, true },
{ "/dev/pts", "/dev/pts", "bind", NULL, MS_BIND, true },
- { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
+ { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV, true },
#ifdef HAVE_SELINUX
{ "selinux", "/selinux", "selinuxfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_RDONLY, false },
#endif
--
1.7.5.2