From c272c36c9455f92200d42de951065c1cf8205547 Mon Sep 17 00:00:00 2001
From: Qiumiao Zhang <zhangqiumiao1@huawei.com>
Date: Thu, 12 Oct 2023 21:31:42 +0800
Subject: [PATCH] mount sysfs and proc with nodev and noexec mode

Signed-off-by: Qiumiao Zhang <zhangqiumiao1@huawei.com>
---
 usr/Euler/project/install/setupOS.sh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/usr/Euler/project/install/setupOS.sh b/usr/Euler/project/install/setupOS.sh
index 807d01f..af4777f 100644
--- a/usr/Euler/project/install/setupOS.sh
+++ b/usr/Euler/project/install/setupOS.sh
@@ -294,10 +294,10 @@ function SetupOS_CpFstab()
         fi
 
         #modify fstab，add "proc，sysfs，debugfs，usbfs，devpts"
-        echo "sysfs                /sys                 sysfs      noauto                0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
-        echo "proc                 /proc                proc       defaults              0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+        echo "sysfs                /sys                 sysfs      nosuid,nodev,noexec,noauto                0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+        echo "proc                 /proc                proc       nosuid,nodev,noexec              0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
         echo "usbfs                /proc/bus/usb        usbfs      noauto                0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
-        echo "devpts               /dev/pts             devpts     mode=0620,gid=5       0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
+        echo "devpts               /dev/pts             devpts     nosuid,noexec,mode=0620,gid=5       0 0" >> ${LOCAL_DISK_PATH}${SI_FSTAB}
 
         g_LOG_Info "copy $FSTAB_FILE success."
 
-- 
2.27.0