From b807686376bc5c26d6b71ee63f6b0b02df6ff8d6 Mon Sep 17 00:00:00 2001
From: V3n3RiX
Date: Tue, 30 Jun 2015 21:32:03 +0100
Subject: make vasile avoid bind mounts, use types instead...this makes our env more secure

---
 vasile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/vasile b/vasile
index 4b869c5..8da0651 100755
--- a/vasile
+++ b/vasile
@@ -86,12 +86,12 @@ envkogaionstart () {
  # mount ro squashfs chroot + add rw overlayfs layer to enable clean package building
  mount -t squashfs "$sqfsroot" "$rodir"
  mount -t overlayfs -o lowerdir="$rodir",upperdir="$rwdir" overlayfs "$overlaydir"
- mount -o bind /proc "$overlaydir"/proc
- mount -o bind /sys "$overlaydir"/sys
- mount -o bind /dev "$overlaydir"/dev
- mount -o bind /dev/pts "$overlaydir"/dev/pts
- mount -o bind /dev/shm "$overlaydir"/dev/shm
- mount -o bind /tmp "$overlaydir"/tmp
+ mount -t proc proc "$overlaydir"/proc
+ mount -t sysfs sysfs "$overlaydir"/sys
+ mount -t devtmpfs -o relatime,size=3055348k,nr_inodes=763837,mode=755 none "$overlaydir"/dev
+ mount -t devpts -o nosuid,noexec,relatime,gid=5,mode=620 none $1/dev/pts "$overlaydir"/dev/pts
+ mount -t tmpfs -o nosuid,nodev none "$overlaydir"/dev/shm
+ mount -t tmpfs -o nosuid,nodev,noexec none "$overlaydir"/tmp
 }
 
 envkogaionstop () {
-- 
cgit v1.2.3
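Review bot: The new devpts line carries a stray extra operand, `$1/dev/pts`, between `none` and the mount point, so mount receives three non-option arguments and should reject the command (and `$1` is the function's unquoted first parameter, so what it expands to depends on the caller); the line should read `mount -t devpts -o nosuid,noexec,relatime,gid=5,mode=620 none "$overlaydir"/dev/pts`. The devtmpfs line hard-codes `size=3055348k,nr_inodes=763837`, which look copied from one host's live mount and will not suit other machines; dropping both and keeping `-o relatime,mode=755` lets the kernel choose its defaults. For consistency with the `nosuid,nodev` flags given to the tmpfs mounts on /dev/shm and /tmp, the proc and sysfs mounts could also take `-o nosuid,nodev,noexec`. Note that a freshly mounted devtmpfs still presents the host's full set of device nodes, so as far as /dev is concerned this change alters mount options rather than what the chroot can reach; the security gain claimed in the subject lies mainly in the tmpfs flags on /dev/shm and /tmp. envkogaionstart's opening line is only visible in the hunk header, so the function starts before the hunk.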