]> TLD Linux GIT Repositories - rc-scripts.git/blobdiff - rc.d/rc.sysinit
TLD / rc-scripts.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- mount efivars when running under EFI firmware
[rc-scripts.git] / rc.d / rc.sysinit
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index c7375feae9db3825c00e10ba8164df82b905a06e..e84b24761475aa18fa39b9f563693e38d4e434f9 100755 (executable)
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -372,7 +372,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
        parse_cmdline
 
        if [ -d /run ]; then
-               is_fsmounted tmpfs /run || mount -n -t tmpfs run /run
+               is_fsmounted tmpfs /run || mount -n -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev
        fi
 
        # Early sysctls
@@ -383,7 +383,10 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
                grep -Fq sysfs /proc/filesystems && mount -n -o gid=17 -t sysfs sysfs /sys
        fi
        if grep -Fq securityfs /proc/filesystems; then
-               mount -n -o gid=17 -t securityfs securityfs /sys/kernel/security
+               mount -n -t securityfs securityfs /sys/kernel/security
+       fi
+       if [ -d /sys/firmware/efi ] && ! is_fsmounted efivarfs /sys/firmware/efi/efivars; then
+               mount -n -o rw -t efivarfs efivarfs /sys/firmware/efi/efivars
        fi
 
        init_selinux
@@ -643,7 +646,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
                mount -f -t devtmpfs devtmpfs /dev 2> /dev/null
        fi
        if is_fsmounted tmpfs /run; then
-               mount -f -t tmpfs run /run 2> /dev/null
+               mount -f -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev 2> /dev/null
        fi
 
        if is_fsmounted usbfs /proc/bus/usb; then
@@ -655,6 +658,9 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
                if is_fsmounted securityfs /sys/kernel/security ; then
                        mount -f -t securityfs securityfs /sys/kernel/security 2> /dev/null
                fi
+               if [ -d /sys/firmware/efi ] && is_fsmounted efivarfs /sys/firmware/efi/efivars ; then
+                       mount -f -t efivarfs efivarfs /sys/firmware/efi/efivars 2> /dev/null
+               fi
        fi
 
        if is_fsmounted selinuxfs /selinux; then
TLD rc-scripts