author | Natanael Copa <ncopa@alpinelinux.org> | 2016-02-02 08:12:43 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2016-03-18 10:43:31 +0100 |
commit | f76aafe23e98e5581f34c3ebfcbfbf99314babb5 (patch) | |
tree | 0331bb43d26d81b000fe83a7b10547e080952863 | |
parent | 02241b2ec7d1db08030927b8cafdd3b7cd3fe618 (diff) | |
main/openrc: mount efivars read-only
Unintentional writes to efivars may result in bricked hardware. Mount it
read-only to play it safe.
(cherry picked from commit 53694c791e7c7112a0d8e4b47bdca8fd03edea4e)
-rw-r--r-- | main/openrc/APKBUILD | 6 | ||||
-rw-r--r-- | main/openrc/read-only-efivars.patch | 13 |
2 files changed, 18 insertions, 1 deletions
diff --git a/main/openrc/APKBUILD b/main/openrc/APKBUILD
index e0a4e75100..d9dfec0dbd 100644
--- a/main/openrc/APKBUILD
+++ b/main/openrc/APKBUILD
@@ -2,7 +2,7 @@
 pkgname=openrc
 pkgver=0.19
 _ver=${pkgver/_git*/}
-pkgrel=2
+pkgrel=3
 pkgdesc="OpenRC manages the services, startup and shutdown of a host"
 url="http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git"
 arch="all"
@@ -20,6 +20,7 @@ source="openrc-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgver.
 swap-ifexists.patch
 hide-migrate-to-run-error.patch
 rc-pull-in-sysinit-and-boot-as-stacked-levels-when-needed.patch
+ read-only-efivars.patch
 openrc.logrotate
 hostname.initd
@@ -83,6 +84,7 @@ c2af5e52da614a6cef02d1e4d537e360 swap-umount-tmpfs.patch
 1c426b84d13a725ad493647b5253f239 swap-ifexists.patch
 679c559aa54f9e855cd735866eeaaad6 hide-migrate-to-run-error.patch
 db45dc04a50d48a0c377e9de3ee0008b rc-pull-in-sysinit-and-boot-as-stacked-levels-when-needed.patch
+1f4d1fed897e8dd42b459952c63933d2 read-only-efivars.patch
 d83df5513f08f09fa9e7353327701bf7 openrc.logrotate
 60b4cf93ca19aff577fd743ab42878a8 hostname.initd
 887eba592d487d6ffe2b42cfcd2813df hwdrivers.initd
@@ -101,6 +103,7 @@ bdccc12593d9bb9df6fcff57a56e4100ae43e052d6eff87f561966653ca071dc 0001-sysctl.Li
 8978b00492d90b573f5254cc394582e8f1a5cd8b4d6c928fa0a9a022dd17fe9c swap-ifexists.patch
 786580df90a5a75087e5adfd395d160dee2df4b994e0938e8524198aeaf2d774 hide-migrate-to-run-error.patch
 cb4ff88875c0125b68fe567cc41b42743499bbdc90a5c9dfe2b92883b5b05111 rc-pull-in-sysinit-and-boot-as-stacked-levels-when-needed.patch
+61abfab5a0100ea1ea706bf50712cb38f107516c2856a1278fb9364bdde216c0 read-only-efivars.patch
 30a81fb2f761083088d4d6a3d435fc842966d44588e9837b45ffd03e48be6eb6 openrc.logrotate
 dda515d7d906cebcf4137746939f3fdccc7f504fe097ef1dbf429e3e6773a013 hostname.initd
 6cb4d9ea3ad562bcf2697f61f5a76a10481d23f5dead570f82eff576eaca5236 hwdrivers.initd
@@ -119,6 +122,7 @@ eee27fbf72776fb70d3aa6c6464180731d522191e5755aa431ab09ea11dd11bf001a95618adcaa5c
 c5b8806c693b0ea48ff87e0e3669304f5c2f95954ad54814889047a933f367081a8c8d3bb771dd1ed6c3bc845df894232bd6b662066d09eba3abf3964187d1d1 swap-ifexists.patch
 750e3305913d3f6fa6baa0b34b851fe17aacb922e864b95ec9b4b451e8e3c16d0c10686a12f4c7cb9b5d05894e1d89b0dac3beed19b1223d3fbc672f25769145 hide-migrate-to-run-error.patch
 a3c2f419a3d475519cc8f78bd3baa26cae90a492a5fc92308b18931889db10452aa33324cca8489058d2bcf720e67ab9163ada090d3d3f54ab55dbd758901d4a rc-pull-in-sysinit-and-boot-as-stacked-levels-when-needed.patch
+2e4c9edb51c4220684ee39102e048df0a6a4f10ddea0e9e5b7f9323240c47181de0048b23fe49c23221f9c78663e7336deb70d9c8eccdc9ce3eb86b51e009f1f read-only-efivars.patch
 12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate
 99b542c0903ad6874b8c308b2e0660a4fe2ff9db962dfec65325cd12c368873a2ae800d5e6d42dc4deff775e1d5c0068869eb72581f7ab16e88d5738afe1d3dd hostname.initd
 b51d95df7b692aaea3e14ed009d99b46b82500d505e2eeecb6a20136cee140aea4a7377a65ccc5c51fff64be7a50666be48616d179888eaeff9d35178a7a772b hwdrivers.initd
diff --git a/main/openrc/read-only-efivars.patch b/main/openrc/read-only-efivars.patch
new file mode 100644
index 0000000000..5311ff8aa9
--- /dev/null
+++ b/main/openrc/read-only-efivars.patch
@@ -0,0 +1,13 @@
+diff --git a/init.d/sysfs.in b/init.d/sysfs.in
+index 4f214f6..759f246 100644
+--- a/init.d/sysfs.in
++++ b/init.d/sysfs.in
+@@ -96,7 +96,7 @@ mount_misc()
+ modprobe -q efivarfs
+ if grep -qs efivarfs /proc/filesystems; then
+ ebegin "Mounting efivarfs filesystem"
+- mount -n -t efivarfs -o ${sysfs_opts} \
++ mount -n -t efivarfs -o ro,${sysfs_opts} \
+ efivarfs /sys/firmware/efi/efivars
+ eend $?
+ fi
|
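Review bot: The `ro` flag sits before `${sysfs_opts}` in the new `mount -n -t efivarfs -o ro,${sysfs_opts} \` line, and mount options are normally applied left to right, so an `rw` in `sysfs_opts` (defined outside this hunk, so not checked here) would silently undo the protection; `-o ${sysfs_opts},ro` keeps the mount read-only whatever that variable holds. The patched script also gives no hint to administrators whose tools legitimately write EFI variables, so a comment above the mount would help, for example `# efivarfs is mounted ro to guard against accidental writes; remount with "mount -o remount,rw /sys/firmware/efi/efivars" when a variable must be changed`. This is a guard against accidents rather than a security boundary, since root can remount the filesystem read-write. mount_misc() begins and ends outside the hunk.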