Hello, On Fri, Oct 02, 2020 at 10:35:51PM +0300, Valter Jaakkola wrote: > So where can I change the mounting parameters of /dev/shm, or otherwise > arrange > it so that /dev/shm is noexec already at/after boot? > > (Out of curiosity, where is /dev/shm mounted from?)
I think from systemd: https://github.com/systemd/systemd/blob/c7828862b39883cf1f55235a937d29588d5a806b/src/core/mount-setup.c#L79 and I think if you wish to alter the mount options you should put it in /etc/fstab and then systemd will do the equivalent of: # mount -oremount /dev/shm to get your options set, though there would be a small window where it had the default options. Though note that it seems systemd once did use "noexec" for /dev/shm but stopped 10 years ago because it broke some uses of mmap: https://github.com/systemd/systemd/commit/501c875bffaef3263ad42c32485c7fde41027175 On SysV init systems I think this is part of the initscripts package. Cheers, Andy -- https://bitfolk.com/ -- No-nonsense VPS hosting