diff options
| author | William Hubbs <w.d.hubbs@gmail.com> | 2017-06-13 12:45:35 -0500 |
|---|---|---|
| committer | William Hubbs <w.d.hubbs@gmail.com> | 2017-06-13 13:19:36 -0500 |
| commit | f87a9eec3d23ea01578500972f1df993d5d24fba (patch) | |
| tree | 821e6e5d2ec9267749f746eab4547cbccde8cc5e | |
| parent | 1e837d596e483ceb5cec177a6c7faff24a42384b (diff) | |
init.d/sysfs: mount efivars read only
This fixes #134.
| -rw-r--r-- | NEWS.md | 7 | ||||
| -rw-r--r-- | init.d/sysfs.in | 2 |
2 files changed, 8 insertions, 1 deletions
@@ -3,6 +3,13 @@ This file will contain a list of notable changes for each release. Note the information in this file is in reverse order. +## OpenRC-0.28 + +This version mounts efivars read only due to concerns about changes in +this file system making systems unbootable. If you need to change something +in this path, you will need to re-mount it read-write, make the change +and re-mount it read-only. + ## OpenRC-0.25 This version contains an OpenRC-specific implementation of init for diff --git a/init.d/sysfs.in b/init.d/sysfs.in index e493f584..a2538114 100644 --- a/init.d/sysfs.in +++ b/init.d/sysfs.in @@ -101,7 +101,7 @@ mount_misc() if [ -d /sys/firmware/efi/efivars ] && ! mountinfo -q /sys/firmware/efi/efivars; then ebegin "Mounting efivarfs filesystem" - mount -n -t efivarfs -o ${sysfs_opts} \ + mount -n -t efivarfs -o ro \ efivarfs /sys/firmware/efi/efivars 2> /dev/null eend 0 fi |