- merged changes from PLD, all TLD changes and fixes are kept

[rc-scripts.git] / rc.d / rc.sysinit

diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index c1f4adb8eb8cd3e1aa830208fd84f46ce6217fab..826b4353e72ef385691a6bbb916aee4906069e08 100755 (executable)
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -372,7 +372,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
        parse_cmdline
 
        if [ -d /run ]; then
-               is_fsmounted tmpfs /run || mount -n -t tmpfs run /run
+               is_fsmounted tmpfs /run || mount -n -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev
        fi
 
        # Early sysctls
@@ -560,7 +560,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
        _ROOTFS_DEVICE=$(awk '($1 !~ /^#/ && $2 == "/" && NF >= 6) { print $1}' /etc/fstab)
        _ROOTFS_TYPE=$(awk '$2 == "/" && $3 != "rootfs" { print $3 }' /proc/mounts 2>/dev/null)
 
-       if [ -z "$fastboot" -a "$_ROOTFS_TYPE" != "aufs" -a "$_ROOTFS_TYPE" != "nfs" -a "$_ROOTFS_TYPE" != "romfs" -a "$_ROOTFS_TYPE" != "squashfs" -a "$_ROOTFS_PASSNO" != 0 -a -e $_ROOTFS_DEVICE ] && [[ "$container" != lxc* ]]; then
+       if [ -z "$fastboot" -a "$_ROOTFS_TYPE" != "aufs" -a "$_ROOTFS_TYPE" != "nfs" -a "$_ROOTFS_TYPE" != "romfs" -a "$_ROOTFS_TYPE" != "tmpfs" -a "$_ROOTFS_TYPE" != "squashfs" -a "$_ROOTFS_PASSNO" != 0 -a -e $_ROOTFS_DEVICE ] && [[ "$container" != lxc* ]]; then
                check_root_fs
        fi
 
@@ -643,7 +643,7 @@ if ! is_yes "$VSERVER" && [[ "$container" != lxc* ]]; then
                mount -f -t devtmpfs devtmpfs /dev 2> /dev/null
        fi
        if is_fsmounted tmpfs /run; then
-               mount -f -t tmpfs run /run 2> /dev/null
+               mount -f -t tmpfs run /run -o mode=0755,noexec,nosuid,nodev 2> /dev/null
        fi
 
        if is_fsmounted usbfs /proc/bus/usb; then