!42 mount sysfs and proc with noguid, nodev and noexec mode

From: @zhangqiumiao Reviewed-by: @t_feng Signed-off-by: @t_feng
2023-11-25 06:25:58 +00:00 · 2023-11-25 06:25:58 +00:00 · d3728db423
commit d3728db423
parent 338e1bb4f8 063670f1ab
2 changed files with 39 additions and 1 deletions
--- a/0006-mount-sysfs-and-proc-with-nodev-and-noexec-mode.patch
+++ b/0006-mount-sysfs-and-proc-with-nodev-and-noexec-mode.patch
@ -0,0 +1,31 @@
+From c272c36c9455f92200d42de951065c1cf8205547 Mon Sep 17 00:00:00 2001
+From: Qiumiao Zhang <zhangqiumiao1@huawei.com>
+Date: Thu, 12 Oct 2023 21:31:42 +0800
+Subject: [PATCH] mount sysfs and proc with nodev and noexec mode
+
+Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
+---
+ usr/Euler/project/install/setupOS.sh | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/usr/Euler/project/install/setupOS.sh b/usr/Euler/project/install/setupOS.sh
+index 807d01f..af4777f 100644
+--- a/usr/Euler/project/install/setupOS.sh
+++ b/usr/Euler/project/install/setupOS.sh
+@@ -294,10 +294,10 @@ function SetupOS_CpFstab()
+         fi
+ 
+         #modify fstab，add "proc，sysfs，debugfs，usbfs，devpts"
+-        echo "sysfs                /sys                 sysfs      noauto                0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+-        echo "proc                 /proc                proc       defaults              0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+        echo "sysfs                /sys                 sysfs      nosuid,nodev,noexec,noauto                0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+        echo "proc                 /proc                proc       nosuid,nodev,noexec              0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+         echo "usbfs                /proc/bus/usb        usbfs      noauto                0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+-        echo "devpts               /dev/pts             devpts     mode=0620,gid=5       0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+        echo "devpts               /dev/pts             devpts     nosuid,noexec,mode=0620,gid=5       0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+ 
+         g_LOG_Info "copy $FSTAB_FILE success."
+ 
+-- 
+2.27.0
+
--- a/install-scripts.spec
+++ b/install-scripts.spec
@ -3,7 +3,7 @@ Summary:        scripts for system installation
 Group:          Applications/System
 License:        MulanPSL-2.0
 Version:        1.2
-Release:        9
+Release:        10
 SOURCE0:        %{name}-%{version}.tar.gz

 Patch0001: 0001-add-support-for-nvme-disk.patch
@ -11,6 +11,7 @@ Patch0002: 0002-support-mbsc.patch
 Patch0003: 0003-remove-the-executable-permission-of-non-root-users-f.patch
 Patch0004: 0004-fix-missing-quotation-in-filetransfer.sh.patch
 Patch0005: 0005-support-use-20-escape-characters-in-url.patch
+Patch0006: 0006-mount-sysfs-and-proc-with-nodev-and-noexec-mode.patch

 Requires:       kernel
 BuildRequires:  dos2unix coreutils findutils
@ -103,6 +104,12 @@ rm -rf $RPM_BUILD_DIR/%{name}-%{version}
 %attr(0640,root,root) /etc/sysctl.d/01-euler-printk.conf

 %changelog
+* Thu Oct 12 2023 zhangqiumiao <zhangqiumiao1@huawei.com> - 1.2-10
+- Type:requirement
+- CVE:NA
+- SUG:NA
+- DESC:mount sysfs and proc with nodev and noexec mode
+
 * Tue Aug 15 2023 zhangqiumiao <zhangqiumiao1@huawei.com> - 1.2-9
 - Type:requirement
 - CVE:NA