diff options
| author | V3n3RiX <venerix@rogentos.ro> | 2015-06-30 21:32:03 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@rogentos.ro> | 2015-06-30 21:32:03 +0100 |
| commit | b807686376bc5c26d6b71ee63f6b0b02df6ff8d6 (patch) | |
| tree | f5cf5db70f475a4559190d641aeb32b7df9fcd4e | |
| parent | 62596374b5865d99ac936d800f8d206b4c06f08a (diff) | |
make vasile avoid bind mounts, use types instead...this makes our env more secure
| -rwxr-xr-x | vasile | 12 |
1 files changed, 6 insertions, 6 deletions
@@ -86,12 +86,12 @@ envkogaionstart () { # mount ro squashfs chroot + add rw overlayfs layer to enable clean package building mount -t squashfs "$sqfsroot" "$rodir" mount -t overlayfs -o lowerdir="$rodir",upperdir="$rwdir" overlayfs "$overlaydir" - mount -o bind /proc "$overlaydir"/proc - mount -o bind /sys "$overlaydir"/sys - mount -o bind /dev "$overlaydir"/dev - mount -o bind /dev/pts "$overlaydir"/dev/pts - mount -o bind /dev/shm "$overlaydir"/dev/shm - mount -o bind /tmp "$overlaydir"/tmp + mount -t proc proc "$overlaydir"/proc + mount -t sysfs sysfs "$overlaydir"/sys + mount -t devtmpfs -o relatime,size=3055348k,nr_inodes=763837,mode=755 none "$overlaydir"/dev + mount -t devpts -o nosuid,noexec,relatime,gid=5,mode=620 none $1/dev/pts "$overlaydir"/dev/pts + mount -t tmpfs -o nosuid,nodev none "$overlaydir"/dev/shm + mount -t tmpfs -o nosuid,nodev,noexec none "$overlaydir"/tmp } envkogaionstop () { |