At 06:06 PM 11/07/2004, Giorgos Keramidas wrote:
On 2004-11-07 14:52, "J.D. Bronson" <[EMAIL PROTECTED]> wrote:
> I set up /etc/rc.conf as follows:
>
> tmpmfs="YES"
> tmpsize="512m"
>
> and it works - but I want to mount tmp with some additional
> options and wondering how to edit /etc/rc.d/tmp to accommodate this?
>
> I would like to add this: noexec,nosuid,nodev,nosymfollow
> when /tmp is mounted as tmpfs.

I see no way to pass extra options to mdmfs from `/etc/rc.d/tmp'.  One
way to do this is to modify /etc/rc.d/tmp locally, but this will create
maintenance work for every mergemaster run you do in the future.

> Can anyone offer some advice - thanks :)

The following patch is against CURRENT.  Does this look like a good thing to
you?  If it does, we could ask our rc.d gurus for their approval to commit it
to the tree.

Then, all you'd have to do to pass special options to the tmpmfs mount would
be to add something like this to your `rc.conf':

        tmpoptions="noexec,nosuid,nodev,nosymfollow"

----- tmpmfs-options.patch begins here -----
Index: etc/rc.subr
===================================================================
RCS file: /home/ncvs/src/etc/rc.subr,v
retrieving revision 1.31
diff -u -r1.31 rc.subr
--- etc/rc.subr 30 Jul 2004 17:19:35 -0000      1.31
+++ etc/rc.subr 7 Nov 2004 23:55:27 -0000
@@ -1290,11 +1290,15 @@
 #   $1 = size
 #   $2 = mount point
 #   $3 = (optional) bytes-per-inode
+#   $4 = extra options
 mount_md() {
+       if [ -n "$4" ]; then
+               opt="-o $4"
+       fi
        if [ -n "$3" ]; then
                bpi="-i $3"
        fi
-       /sbin/mdmfs $bpi -s $1 -M md $2
+       /sbin/mdmfs $bpi $opt -s $1 -M md $2
 }

fi
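Review bot: in mount_md(), opt is assigned only when $4 is non-empty and is never cleared, so a value left over from an earlier call in the same shell would be handed to mdmfs again on a call that supplies no options (the existing bpi handling follows the same pattern). Start the function with opt= (or declare it local) before the test. The header comment should also mark $4 as "(optional)" like $3, and say that a caller who wants $4 without a bytes-per-inode value has to pass an empty "" as $3.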
Index: etc/defaults/rc.conf
===================================================================
RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.229
diff -u -r1.229 rc.conf
--- etc/defaults/rc.conf 4 Nov 2004 13:33:29 -0000 1.229
+++ etc/defaults/rc.conf 7 Nov 2004 23:57:34 -0000
@@ -40,6 +40,7 @@
removable_interfaces="" # Removable network interfaces for /etc/pccard_ether.
tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never
tmpsize="20m" # Size of mfs /tmp if created
+tmpoptions="" # extra mount options for tmpfs
varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never
varsize="32m" # Size of mfs /var if created
populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never
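Review bot: the comment on the new tmpoptions line says "tmpfs", while the neighbouring tmpmfs and tmpsize comments call the same thing "mfs /tmp"; use the same term so the three knobs read as a group. It would also help to say that the value is a comma-separated list passed to mdmfs with -o, as the rc.subr part of this patch does. The empty default keeps existing behaviour, which is good.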
Index: etc/rc.d/tmp
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/tmp,v
retrieving revision 1.34
diff -u -r1.34 tmp
--- etc/rc.d/tmp 7 Oct 2004 13:55:26 -0000 1.34
+++ etc/rc.d/tmp 7 Nov 2004 23:56:31 -0000
@@ -56,7 +56,7 @@
echo "dropping into shell, ^D to continue anyway."
/bin/sh
else
- mount_md ${tmpsize} /tmp
+ mount_md ${tmpsize} /tmp ${tmpoptions}
chmod 01777 /tmp
fi
fi
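Review bot: the new call mount_md ${tmpsize} /tmp ${tmpoptions} passes the options as the third argument, but the rc.subr part of this patch documents $3 as bytes-per-inode and $4 as the extra options, so the value would reach mdmfs as -i <options> instead of -o <options>. Pass an explicit empty third argument and quote the fourth, for example mount_md ${tmpsize} /tmp "" "${tmpoptions}".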
Index: share/man/man5/rc.conf.5
===================================================================
RCS file: /home/ncvs/src/share/man/man5/rc.conf.5,v
retrieving revision 1.235
diff -u -r1.235 rc.conf.5
--- share/man/man5/rc.conf.5 4 Nov 2004 13:33:29 -0000 1.235
+++ share/man/man5/rc.conf.5 8 Nov 2004 00:00:13 -0000
@@ -240,6 +240,12 @@
Controls the size of a created
.Pa /tmp
memory file system.
+.It Va tmpoptions
+Controls the
+.Xr mount 8
+options of a created
+.Pa /tmp
+memory file system.
.It Va varmfs
Controls the creation of a
.Pa /var
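Review bot: the tmpoptions entry added after tmpsize does not say what form the value takes or what the default is. State that it is a comma-separated option list passed through mdmfs -o and that it is empty by default, and consider an .Xr mdmfs 8 reference next to mount 8 so the reader can find how the options are applied.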
@@ -3109,6 +3115,7 @@
.Xr kldxref 8 ,
.Xr lpd 8 ,
.Xr mdconfig 8 ,
+.Xr mount 8 ,
.Xr mountd 8 ,
.Xr moused 8 ,
.Xr mrouted 8 ,
----- tmpmfs-options.patch ends here -----


This looks GREAT. I think, with security in mind, this would be a welcome addition to the FreeBSD OS - no?

Thanks... I really appreciate this!



--
J.D. Bronson
Aurora Health Care // Information Services // Milwaukee, WI USA
Office: 414.978.8282 // Email: [EMAIL PROTECTED] // Pager: 414.314.8282
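
A check for the outcome the thread is after, as an added example that is not part of the original messages or of FreeBSD's rc scripts: it reads fstab-style mount lines (the layout `mount -p` prints) and reports which of the four requested options are missing from a mount point. The function name, the `REQUIRED` variable and the sample lines are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): list hardening options missing from a
# mount point. Input is fstab-style text, one mount per line:
#   device  mountpoint  fstype  options  dump  pass
# On a live FreeBSD system feed it with:  mount -p | missing_opts /tmp

# Options requested in the thread; adjust to local policy.
REQUIRED="noexec nosuid nodev nosymfollow"

# missing_opts MOUNTPOINT < fstab-style-lines
# Prints the absent options (space separated).
# Status: 0 = all present, 1 = some missing, 2 = mount point not found.
missing_opts() {
    mp=$1
    # The last matching line wins: a later mount covers an earlier one.
    opts=$(awk -v mp="$mp" '$1 !~ /^#/ && $2 == mp { o = $4 } END { print o }')
    [ -n "$opts" ] || return 2
    missing=""
    for want in $REQUIRED; do
        # Wrap in commas so "nosuid" only matches a whole list element.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    [ -z "$missing" ] && return 0
    echo "$missing"
    return 1
}

# Constructed sample lines (hypothetical device names), not captured output.
SAMPLE_PLAIN='/dev/md0 /tmp ufs rw 2 2'
SAMPLE_HARDENED='/dev/md0 /tmp ufs rw,noexec,nosuid,nodev,nosymfollow 2 2'

for sample in "$SAMPLE_PLAIN" "$SAMPLE_HARDENED"; do
    if out=$(printf '%s\n' "$sample" | missing_opts /tmp); then
        echo "OK:   $sample"
    else
        echo "FAIL: missing [$out] in: $sample"
    fi
done
```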
