mount: forbid suid,exec,dev from /proc and /sys

author: Tom Gundersen <teg@jklm.no> 2010-12-06 00:46:46 +0100
committer: Tom Gundersen <teg@jklm.no> 2010-12-06 11:07:48 +0100
commit: 82d5d1b620f1772bd1d992d671a82395911cbaf4 (patch)
tree: 4d625dbff1d873e3a29e0d7a0f18a76ab03e9ea6 /rc.sysinit
parent: 4eb9da06994ebc58e4dfe73466e03ac400f98a41 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/rc.sysinit b/rc.sysinit
index 2f76dad..0337826 100755
--- a/rc.sysinit
+++ b/rc.sysinit
@@ -17,8 +17,8 @@ printsep
 run_hook sysinit_start
 
 # mount /proc, /sys and our RAM /dev
-/bin/mountpoint -q /proc || /bin/mount -n -t proc none /proc
-/bin/mountpoint -q /sys  || /bin/mount -n -t sysfs none /sys
+/bin/mountpoint -q /proc || /bin/mount -n -t proc proc /proc -o nosuid,noexec,nodev
+/bin/mountpoint -q /sys  || /bin/mount -n -t sysfs sysfs /sys -o nosuid,noexec,nodev
 
 if ! /bin/mountpoint -q /dev; then
   if grep -q devtmpfs /proc/filesystems 2>/dev/null; then
author	Tom Gundersen <teg@jklm.no>	2010-12-06 00:46:46 +0100
committer	Tom Gundersen <teg@jklm.no>	2010-12-06 11:07:48 +0100
commit	82d5d1b620f1772bd1d992d671a82395911cbaf4 (patch)
tree	4d625dbff1d873e3a29e0d7a0f18a76ab03e9ea6 /rc.sysinit
parent	4eb9da06994ebc58e4dfe73466e03ac400f98a41 (diff)