Core Update 170: Harden mount options of /boot on existing installations

The second version of this patch uses @ instead of / for sed delimiters, which makes the command less hard to read. Since Core Update 170 already requires a reboot at this point, the respective directive is omitted. Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
2026-04-12 20:16:49 +02:00 · 2022-07-13 19:46:38 +00:00
parent e404dab5e4
commit 533cfb1b77
1 changed files with 3 additions and 0 deletions
--- a/config/rootfiles/core/170/update.sh
+++ b/config/rootfiles/core/170/update.sh
@@ -123,6 +123,9 @@ sed -i /etc/collectd.conf \
 /etc/init.d/rc.d/unbound start
 /etc/init.d/rc.d/suricata restart

+# Harden mount options of /boot
+sed -e -i "s@[[:space:]]*\/boot[[:space:]]*auto[[:space:]]*defaults[[:space:]]*@ \/boot    auto defaults,nodev,noexec,nosuid   @g" /etc/fstab
+
 # This update needs a reboot...
 touch /var/run/need_reboot