On Wed, 2006-08-09 at 07:01 +0000, Martin Pitt wrote: > Tobias, I have some questions about /usr/share/initramfs-tools/init > patch: > > -mount -t sysfs none /sys > -mount -t proc none /proc > +mount -n -t sysfs -onodev,noexec,nosuid none /sys > +mount -n -t proc -onodev,noexec,nosuid none /proc > > Why did you add -n? /sys and /proc are in /etc/mtab for me. However, at > that point / should be readonly. > No, at that point / is a memory filesystem (the initramfs) so it doesn't make much of a difference whether -n is there or not because it's thrown away at run-init time.
I would take out the "-n" to make debugging the initramfs easier (ie. mtab makes sense there). I'm not really sure what the point of the extra option is though; this is a kernel virtual filesystem, it doesn't respect those options ANYWAY! If the kernel wants to stick a setuid root binary, or device, in /proc; a few mount options isn't going to stop it. > -mount -t tmpfs -o size=$tmpfs_size,mode=0755 udev /dev > -> /dev/.initramfs-tools > +mount -n -t tmpfs -o size=$tmpfs_size,mode=0755,noexec,nosuid udev /dev > +# > /dev/.initramfs-tools > Again the "-n" makes no sense, neither does the "> /dev/.initramfs-tools" to me. Why noexec or nosuid? I could understand being paranoid, but only root can create files in /dev anyway. Scott -- Scott James Remnant [EMAIL PROTECTED] -- Virtual filesystem mounts could use more restrictive mount options https://launchpad.net/bugs/54530 -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
