Message-Id: <20210630115128.3878-1-greg.depoire@gmail.com>
Date:   Wed, 30 Jun 2021 13:51:27 +0200
From:   Greg Depoire--Ferrer <greg.depoire@...il.com>
To:     linux-kernel@...r.kernel.org
Subject: No way to set FS independent mount flags for rootfs

This old thread[1] describes the issue:
* The kernel already supports setting filesystem dependent mount data using
  rootflags=... but it doesn't support setting the filesystem independent mount
  flags (the fourth parameter in mount(2)).
* Fortunately, most initrds have custom parsing for rootflags= and understand
  additional flags: for instance they convert noatime into MS_NOATIME.
* But even then there is the issue of flags that can't be reset later by initrd
  like MS_NODEV or MS_NOSUID (not sure if this changed since then).

It seems like it would make sense for the kernel to add a command line parameter
for this because for those that don't use an initrd, it seems arbitrary that the
kernel already supports setting one type of flags (the fifth parameter in
mount(2)) for rootfs but not the other.

In reply to this message, there is a patch that implements what was suggested
in that thread: adding a 'rootopts=' parameter that takes a bitmap value for
the mount flags. The name is not ideal: it would make more sense for it to be
named rootflags= and the actual rootflags= to be named rootdata= according to
mount(2). It works for me but I don't know if this is the right solution.

[1]: https://lkml.org/lkml/2003/8/12/203
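
The flags/data split described in the message, as an added example that is not part of the original post or its patch: a sketch of the translation an initrd performs on a rootflags-style string before calling mount(2). The helper name `split_root_options`, the option table and the sample string are assumptions made for illustration.

```c
#include <string.h>
#include <sys/mount.h>   /* MS_* constants (Linux) */

/* Constructed sample: generic options mixed with ext4-style data options. */
static const char SAMPLE_OPTS[] = "noatime,nosuid,data=ordered,nodev,commit=5";

/* Names an initrd would translate into the 4th argument of mount(2). */
static const struct { const char *name; unsigned long flag; } generic_opts[] = {
    { "ro", MS_RDONLY }, { "nosuid", MS_NOSUID }, { "nodev", MS_NODEV },
    { "noexec", MS_NOEXEC }, { "noatime", MS_NOATIME },
};

/*
 * split_root_options() is a hypothetical helper, not kernel or initrd code.
 * Known generic names are OR-ed into the returned flags; every other option
 * is copied, in order, to `data` (the 5th argument of mount(2)).
 * Returns (unsigned long)-1 when `data` is too small.
 */
unsigned long split_root_options(const char *opts, char *data, size_t data_len)
{
    const size_t n = sizeof(generic_opts) / sizeof(generic_opts[0]);
    unsigned long flags = 0;
    size_t used = 0;

    if (data_len == 0)
        return (unsigned long)-1;
    data[0] = '\0';
    while (*opts) {
        size_t i, len = strcspn(opts, ",");

        for (i = 0; i < n; i++)
            if (strlen(generic_opts[i].name) == len &&
                memcmp(opts, generic_opts[i].name, len) == 0)
                break;
        if (i < n) {
            flags |= generic_opts[i].flag;
        } else if (len > 0) {
            if (used + len + (used ? 1 : 0) >= data_len)
                return (unsigned long)-1;
            if (used)
                data[used++] = ',';
            memcpy(data + used, opts, len);
            used += len;
            data[used] = '\0';
        }
        opts += len + (opts[len] == ',');
    }
    return flags;
}
```

The returned value and the `data` buffer correspond to the fourth and fifth arguments of mount(2) respectively.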
