authorNatanael Copa <ncopa@alpinelinux.org>2016-02-02 08:12:43 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2016-03-18 10:43:31 +0100
commitf76aafe23e98e5581f34c3ebfcbfbf99314babb5 (patch)
tree0331bb43d26d81b000fe83a7b10547e080952863
parent02241b2ec7d1db08030927b8cafdd3b7cd3fe618 (diff)
main/openrc: mount efivars read-only
unintentional writes to efivars may result in bricked hardware. mount it read-only to play safe. (cherry picked from commit 53694c791e7c7112a0d8e4b47bdca8fd03edea4e)
-rw-r--r--main/openrc/APKBUILD6
-rw-r--r--main/openrc/read-only-efivars.patch13
2 files changed, 18 insertions, 1 deletions
diff --git a/main/openrc/APKBUILD b/main/openrc/APKBUILD
index e0a4e751003..d9dfec0dbd7 100644
--- a/main/openrc/APKBUILD
+++ b/main/openrc/APKBUILD
@@ -2,7 +2,7 @@
pkgname=openrc
pkgver=0.19
_ver=${pkgver/_git*/}
-pkgrel=2
+pkgrel=3
pkgdesc="OpenRC manages the services, startup and shutdown of a host"
url="http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git"
arch="all"
@@ -20,6 +20,7 @@ source="openrc-$pkgver.tar.gz::https://github.com/OpenRC/openrc/archive/$pkgver.
swap-ifexists.patch
hide-migrate-to-run-error.patch
rc-pull-in-sysinit-and-boot-as-stacked-levels-when-needed.patch
+ read-only-efivars.patch
openrc.logrotate
hostname.initd
@@ -83,6 +84,7 @@ c2af5e52da614a6cef02d1e4d537e360 swap-umount-tmpfs.patch
1c426b84d13a725ad493647b5253f239 swap-ifexists.patch
679c559aa54f9e855cd735866eeaaad6 hide-migrate-to-run-error.patch
db45dc04a50d48a0c377e9de3ee0008b rc-pull-in-sysinit-and-boot-as-stacked-levels-when-needed.patch
+1f4d1fed897e8dd42b459952c63933d2 read-only-efivars.patch
d83df5513f08f09fa9e7353327701bf7 openrc.logrotate
60b4cf93ca19aff577fd743ab42878a8 hostname.initd
887eba592d487d6ffe2b42cfcd2813df hwdrivers.initd
@@ -101,6 +103,7 @@ bdccc12593d9bb9df6fcff57a56e4100ae43e052d6eff87f561966653ca071dc 0001-sysctl.Li
8978b00492d90b573f5254cc394582e8f1a5cd8b4d6c928fa0a9a022dd17fe9c swap-ifexists.patch
786580df90a5a75087e5adfd395d160dee2df4b994e0938e8524198aeaf2d774 hide-migrate-to-run-error.patch
cb4ff88875c0125b68fe567cc41b42743499bbdc90a5c9dfe2b92883b5b05111 rc-pull-in-sysinit-and-boot-as-stacked-levels-when-needed.patch
+61abfab5a0100ea1ea706bf50712cb38f107516c2856a1278fb9364bdde216c0 read-only-efivars.patch
30a81fb2f761083088d4d6a3d435fc842966d44588e9837b45ffd03e48be6eb6 openrc.logrotate
dda515d7d906cebcf4137746939f3fdccc7f504fe097ef1dbf429e3e6773a013 hostname.initd
6cb4d9ea3ad562bcf2697f61f5a76a10481d23f5dead570f82eff576eaca5236 hwdrivers.initd
@@ -119,6 +122,7 @@ eee27fbf72776fb70d3aa6c6464180731d522191e5755aa431ab09ea11dd11bf001a95618adcaa5c
c5b8806c693b0ea48ff87e0e3669304f5c2f95954ad54814889047a933f367081a8c8d3bb771dd1ed6c3bc845df894232bd6b662066d09eba3abf3964187d1d1 swap-ifexists.patch
750e3305913d3f6fa6baa0b34b851fe17aacb922e864b95ec9b4b451e8e3c16d0c10686a12f4c7cb9b5d05894e1d89b0dac3beed19b1223d3fbc672f25769145 hide-migrate-to-run-error.patch
a3c2f419a3d475519cc8f78bd3baa26cae90a492a5fc92308b18931889db10452aa33324cca8489058d2bcf720e67ab9163ada090d3d3f54ab55dbd758901d4a rc-pull-in-sysinit-and-boot-as-stacked-levels-when-needed.patch
+2e4c9edb51c4220684ee39102e048df0a6a4f10ddea0e9e5b7f9323240c47181de0048b23fe49c23221f9c78663e7336deb70d9c8eccdc9ce3eb86b51e009f1f read-only-efivars.patch
12bb6354e808fbf47bbab963de55ee7901738b4a912659982c57ef2777fff9a670e867fcb8ec316a76b151032c92dc89a950d7d1d835ef53f753a8f3b41d2cec openrc.logrotate
99b542c0903ad6874b8c308b2e0660a4fe2ff9db962dfec65325cd12c368873a2ae800d5e6d42dc4deff775e1d5c0068869eb72581f7ab16e88d5738afe1d3dd hostname.initd
b51d95df7b692aaea3e14ed009d99b46b82500d505e2eeecb6a20136cee140aea4a7377a65ccc5c51fff64be7a50666be48616d179888eaeff9d35178a7a772b hwdrivers.initd
diff --git a/main/openrc/read-only-efivars.patch b/main/openrc/read-only-efivars.patch
new file mode 100644
index 00000000000..5311ff8aa96
--- /dev/null
+++ b/main/openrc/read-only-efivars.patch
@@ -0,0 +1,13 @@
+diff --git a/init.d/sysfs.in b/init.d/sysfs.in
+index 4f214f6..759f246 100644
+--- a/init.d/sysfs.in
++++ b/init.d/sysfs.in
+@@ -96,7 +96,7 @@ mount_misc()
+ modprobe -q efivarfs
+ if grep -qs efivarfs /proc/filesystems; then
+ ebegin "Mounting efivarfs filesystem"
+- mount -n -t efivarfs -o ${sysfs_opts} \
++ mount -n -t efivarfs -o ro,${sysfs_opts} \
+ efivarfs /sys/firmware/efi/efivars
+ eend $?
+ fi
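Review bot: In the added `mount -n -t efivarfs -o ro,${sysfs_opts}` line, `ro` comes before the variable, so an `rw` in `sysfs_opts` (set outside this hunk) would presumably override it, since the last of two conflicting mount options normally wins; `-o ${sysfs_opts},ro` keeps the read-only intent regardless of what the variable holds. The init script also gets no comment explaining the choice, and tools that legitimately update boot variables will fail until the filesystem is remounted, so a line such as `# efivarfs is mounted ro to guard against accidental writes; use "mount -o remount,rw /sys/firmware/efi/efivars" before changing boot variables` above the mount would help. This protects against accidental writes only, because a root process can remount the filesystem read-write, so it should not be documented as a security boundary. `mount_misc()` starts and ends outside the hunk.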