X-Git-Url: https://git.tld-linux.org/?a=blobdiff_plain;f=rc.d%2Frc.sysinit;h=b01b9d38f863d7cfaecda6ca73faad4a79430f1a;hb=709875e895a085534cc77a44524c0a7ee2b9c7f8;hp=c1f4adb8eb8cd3e1aa830208fd84f46ce6217fab;hpb=68a668470f74a2331d0bcc342bfbb9cccb40a6b5;p=rc-scripts.git
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index c1f4adb..b01b9d3 100755
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -372,7 +372,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
 parse_cmdline
 if [ -d /run ]; then
- is_fsmounted tmpfs /run || mount -n -t tmpfs run /run
+ is_fsmounted tmpfs /run || mount -n -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev
 fi
 # Early sysctls
@@ -383,16 +383,14 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
 grep -Fq sysfs /proc/filesystems && mount -n -o gid=17 -t sysfs sysfs /sys
 fi
 if grep -Fq securityfs /proc/filesystems; then
- mount -n -o gid=17 -t securityfs securityfs /sys/kernel/security
+ mount -n -t securityfs securityfs /sys/kernel/security
+ fi
+ if [ -d /sys/firmware/efi ] && ! is_fsmounted efivarfs /sys/firmware/efi/efivars; then
+ mount -n -o rw -t efivarfs efivarfs /sys/firmware/efi/efivars
 fi
 init_selinux
- # TLD Linux LiveCD support
- if [ -x /etc/rc.d/rc.live ]; then
- /etc/rc.d/rc.live
- fi
-
 # Choose Hardware profile
 if ! is_no "$HWPROFILES" && [ -f /etc/sysconfig/hwprof ]; then
 . /etc/sysconfig/hwprof
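Review bot: In the `@@ -372,7 +372,7 @@` hunk the new `-o mode=0755,noexec,nosuid,nodev` only takes effect when this script performs the mount; when `is_fsmounted tmpfs /run` is already true (for instance because an initramfs mounted /run earlier), the existing mount keeps whatever options it had. A remount in that branch would make the hardening unconditional, something like `is_fsmounted tmpfs /run && mount -n -o remount,noexec,nosuid,nodev /run`, placed before the existing `||` fallback. The same gap shows in the `mount -f` line of the `@@ -643,7 +641,7 @@` hunk, which records these options in mtab whether or not they are actually in force, so mtab can overstate the protection. Keeping the option string in one variable would also stop the two copies drifting apart.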
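Review bot: The efivarfs mount added in the `@@ -383,16 +383,14 @@` hunk is explicitly read-write and carries none of the `noexec,nosuid,nodev` flags this same commit adds to /run, so firmware variables stay writable by any root process for the whole uptime; accidental deletion of variables under that path has been known to leave some machines unbootable. Unless something during boot needs to write variables (not visible here), consider `mount -n -o ro,nosuid,nodev,noexec -t efivarfs efivarfs /sys/firmware/efi/efivars` with a temporary `remount,rw` around boot-loader updates. The mount is also not guarded by `grep -Fq efivarfs /proc/filesystems` the way the sysfs and securityfs mounts beside it are, so a kernel built without efivarfs would presumably report a mount error on every boot. If the options change, the matching `mount -f` in the `@@ -655,6 +653,9 @@` hunk should record the same ones. The enclosing `if ! is_yes "$VSERVER"` block starts and ends outside the hunk.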
@@ -560,7 +558,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
 _ROOTFS_DEVICE=$(awk '($1 !~ /^#/ && $2 == "/" && NF >= 6) { print $1}' /etc/fstab)
 _ROOTFS_TYPE=$(awk '$2 == "/" && $3 != "rootfs" { print $3 }' /proc/mounts 2>/dev/null)
- if [ -z "$fastboot" -a "$_ROOTFS_TYPE" != "aufs" -a "$_ROOTFS_TYPE" != "nfs" -a "$_ROOTFS_TYPE" != "romfs" -a "$_ROOTFS_TYPE" != "squashfs" -a "$_ROOTFS_PASSNO" != 0 -a -e $_ROOTFS_DEVICE ] && [[ "$container" != lxc* ]]; then
+ if [ -z "$fastboot" -a "$_ROOTFS_TYPE" != "aufs" -a "$_ROOTFS_TYPE" != "nfs" -a "$_ROOTFS_TYPE" != "romfs" -a "$_ROOTFS_TYPE" != "tmpfs" -a "$_ROOTFS_TYPE" != "squashfs" -a "$_ROOTFS_PASSNO" != 0 -a -e $_ROOTFS_DEVICE ] && [[ "$container" != lxc* ]]; then
 check_root_fs
 fi
@@ -643,7 +641,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
 mount -f -t devtmpfs devtmpfs /dev 2> /dev/null
 fi
 if is_fsmounted tmpfs /run; then
- mount -f -t tmpfs run /run 2> /dev/null
+ mount -f -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev 2> /dev/null
 fi
 if is_fsmounted usbfs /proc/bus/usb; then
@@ -655,6 +653,9 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
 if is_fsmounted securityfs /sys/kernel/security ; then
 mount -f -t securityfs securityfs /sys/kernel/security 2> /dev/null
 fi
+ if [ -d /sys/firmware/efi ] && is_fsmounted efivarfs /sys/firmware/efi/efivars ; then
+ mount -f -t efivarfs efivarfs /sys/firmware/efi/efivars 2> /dev/null
+ fi
 fi
 if is_fsmounted selinuxfs /selinux; then
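Review bot: On the rewritten condition in the `@@ -560,7 +558,7 @@` hunk, `-e $_ROOTFS_DEVICE` is still unquoted: when /etc/fstab yields no root entry the variable expands to nothing, `-e` loses its operand and the test no longer means "the device exists", and a value containing whitespace or several lines breaks the whole expression. Quote it as `-e "$_ROOTFS_DEVICE"`. With a fifth filesystem type now in the list, the `-a` chain would also be easier to audit as `case "$_ROOTFS_TYPE" in aufs|nfs|romfs|tmpfs|squashfs) ;; *) ... ;; esac`. `_ROOTFS_PASSNO` is set outside the hunk, so its handling cannot be checked from here.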