main/openrc: mount efivars read-only

unintentional writes to efivars may result in bricked hardware. mount it read-only to play safe. (cherry picked from commit 53694c791e7c7112a0d8e4b47bdca8fd03edea4e)
author: Natanael Copa <ncopa@alpinelinux.org> 2016-02-02 08:12:43 +0000
committer: Natanael Copa <ncopa@alpinelinux.org> 2016-03-18 10:43:31 +0100
commit: f76aafe23e98e5581f34c3ebfcbfbf99314babb5 (patch)
tree: 0331bb43d26d81b000fe83a7b10547e080952863 /main/openrc/read-only-efivars.patch
parent: 02241b2ec7d1db08030927b8cafdd3b7cd3fe618 (diff)
download: aports-f76aafe23e98e5581f34c3ebfcbfbf99314babb5.tar.bz2
aports-f76aafe23e98e5581f34c3ebfcbfbf99314babb5.tar.xz
1 files changed, 13 insertions, 0 deletions
diff --git a/main/openrc/read-only-efivars.patch b/main/openrc/read-only-efivars.patch
new file mode 100644
index 0000000000..5311ff8aa9
--- /dev/null
+++ b/main/openrc/read-only-efivars.patch
@@ -0,0 +1,13 @@
+diff --git a/init.d/sysfs.in b/init.d/sysfs.in
+index 4f214f6..759f246 100644
+--- a/init.d/sysfs.in
++++ b/init.d/sysfs.in
+@@ -96,7 +96,7 @@ mount_misc()
+ 		modprobe -q efivarfs
+ 		if grep -qs efivarfs /proc/filesystems; then
+ 			ebegin "Mounting efivarfs filesystem"
+-			mount -n -t efivarfs -o ${sysfs_opts} \
++			mount -n -t efivarfs -o ro,${sysfs_opts} \
+ 				efivarfs /sys/firmware/efi/efivars
+ 			eend $?
+ 		fi
author	Natanael Copa <ncopa@alpinelinux.org>	2016-02-02 08:12:43 +0000
committer	Natanael Copa <ncopa@alpinelinux.org>	2016-03-18 10:43:31 +0100
commit	f76aafe23e98e5581f34c3ebfcbfbf99314babb5 (patch)
tree	0331bb43d26d81b000fe83a7b10547e080952863 /main/openrc/read-only-efivars.patch
parent	02241b2ec7d1db08030927b8cafdd3b7cd3fe618 (diff)
download	aports-f76aafe23e98e5581f34c3ebfcbfbf99314babb5.tar.bz2 aports-f76aafe23e98e5581f34c3ebfcbfbf99314babb5.tar.xz