Signed-off-by: Xin Shi <shixin21@huawei.com> (cherry picked from commit decc956d9cea842432cea9e6d6f03e520b9b9414)
From b6bcc208dda00ae4b310bd2fd513fe250f8b2c10 Mon Sep 17 00:00:00 2001
From: Xin Shi <shixin21@huawei.com>
Date: Thu, 24 Aug 2023 09:35:40 +0800
Subject: [PATCH 4/5] embedded: add noexec mount option to strenthen tmp
partition
Signed-off-by: Xin Shi <shixin21@huawei.com>
---
embedded/tmp.mount | 29 +++++++++++++++++++++++++++++
1 file changed, 29 insertions(+)
create mode 100644 embedded/tmp.mount
diff --git a/embedded/tmp.mount b/embedded/tmp.mount
new file mode 100644
index 0000000..c2df09d
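--- /dev/null
+++ b/embedded/tmp.mount
@@ -0,0 +1,29 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Temporary Directory /tmp
+Documentation=https://systemd.io/TEMPORARY_DIRECTORIES
+Documentation=man:file-hierarchy(7)
+Documentation=https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
+ConditionPathIsSymbolicLink=!/tmp
+DefaultDependencies=no
+Conflicts=umount.target
+Before=local-fs.target umount.target
+After=swap.target
+
+[Mount]
+What=tmpfs
+Where=/tmp
+Type=tmpfs
+Options=mode=1777,strictatime,nosuid,nodev,size=50%%,nr_inodes=1m,noexec
+
+# Make 'systemctl enable tmp.mount' work:
+[Install]
+WantedBy=local-fs.target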
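Review bot: The `Options=` line in the new `[Mount]` section adds `noexec` with no comment recording that it is a local hardening deviation or what it is expected to cover. `noexec` stops direct execve() and executable mmap() of files under /tmp, but it does not stop an interpreter from reading a script stored there. Software that unpacks helpers or native libraries into /tmp and runs them will fail, so the embedded image should be tested with this mount active. I would add above the line `# noexec is a local hardening addition: blocks exec/PROT_EXEC mmap from /tmp, not interpreter-run scripts`. Other world-writable tmpfs mounts such as /dev/shm are not visible in this patch; if they remain executable the hardening is only partial.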
--
2.27.0