webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-28 11:43:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Core Update 170: Harden mount options of /boot on existing installations

Browse Source 
The second version of this patch uses @ instead of / for sed delimiters,
which makes the command less hard to read. Since Core Update 170 already
requires a reboot at this point, the respective directive is omitted.

Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
This commit is contained in:
Peter Müller
2022-07-13 19:46:38 +00:00
parent e404dab5e4
commit 533cfb1b77
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
config/rootfiles/core/170/update.sh
View File

@@ -123,6 +123,9 @@ sed -i /etc/collectd.conf \
/etc/init.d/rc.d/unbound start /etc/init.d/rc.d/unbound start
/etc/init.d/rc.d/suricata restart /etc/init.d/rc.d/suricata restart
# Harden mount options of /boot
sed -e -i "s@[[:space:]]*\/boot[[:space:]]*auto[[:space:]]*defaults[[:space:]]*@ \/boot auto defaults,nodev,noexec,nosuid @g" /etc/fstab
# This update needs a reboot... # This update needs a reboot...
touch /var/run/need_reboot touch /var/run/need_reboot