Tobias, I have some questions about the /usr/share/initramfs-tools/init patch:

-mount -t sysfs none /sys
-mount -t proc none /proc
+mount -n -t sysfs -onodev,noexec,nosuid none /sys
+mount -n -t proc -onodev,noexec,nosuid none /proc
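Review bot: the `-n` on both added mount lines changes a second thing beyond the restrictive options, since it stops mount from recording the mount in /etc/mtab; if the intent is only to harden /sys and /proc with `nodev,noexec,nosuid`, either drop `-n` or state in the patch description why it is needed inside the initramfs. Style point: `-onodev,noexec,nosuid` should be written `-o nodev,noexec,nosuid` to match the `-o size=...` form used for the /dev mount in the same script.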
Why did you add -n? /sys and /proc are in /etc/mtab for me. However, at that point / should be read-only. So I understand that /etc/mtab is modified by /etc/init.d/mtab.sh, and the mount calls in initramfs cannot actually modify mtab? Scott, I would be glad for a confirmation here.

-mount -t tmpfs -o size=$tmpfs_size,mode=0755 udev /dev
-> /dev/.initramfs-tools
+mount -n -t tmpfs -o size=$tmpfs_size,mode=0755,noexec,nosuid udev /dev
+# > /dev/.initramfs-tools

-> same -n question; also, why did you comment out the /dev/.initramfs-tools stamp creation?

Please try to attach proper patches, not complete scripts. This makes it easier to review them and to apply them to other versions of the scripts.

The other patches look straightforward to me.

--
Virtual filesystem mounts could use more restrictive mount options
https://launchpad.net/bugs/54530

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
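Review bot: on the /dev hunk, the `+# > /dev/.initramfs-tools` line comments out creation of the stamp file, which is unrelated to tightening mount options and can affect anything later in boot that checks for that file; it belongs in a separate patch or needs a justification in the description. Leaving `nodev` out of the /dev options while adding `noexec,nosuid` is correct, since udev has to create device nodes on that tmpfs.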