From 82d5d1b620f1772bd1d992d671a82395911cbaf4 Mon Sep 17 00:00:00 2001
From: Tom Gundersen
Date: Mon, 6 Dec 2010 00:46:46 +0100
Subject: mount: forbid suid,exec,dev from /proc and /sys
---
 rc.sysinit | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rc.sysinit b/rc.sysinit
index 2f76dad..0337826 100755
--- a/rc.sysinit
+++ b/rc.sysinit
@@ -17,8 +17,8 @@ printsep
 run_hook sysinit_start
 # mount /proc, /sys and our RAM /dev
-/bin/mountpoint -q /proc || /bin/mount -n -t proc none /proc
-/bin/mountpoint -q /sys || /bin/mount -n -t sysfs none /sys
+/bin/mountpoint -q /proc || /bin/mount -n -t proc proc /proc -o nosuid,noexec,nodev
+/bin/mountpoint -q /sys || /bin/mount -n -t sysfs sysfs /sys -o nosuid,noexec,nodev
 if ! /bin/mountpoint -q /dev; then
 if grep -q devtmpfs /proc/filesystems 2>/dev/null; then
-- 
cgit v1.2.3
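Review bot: The new `nosuid,noexec,nodev` options only take effect when the `/bin/mountpoint -q ... ||` guard finds the filesystem unmounted. If /proc or /sys is already mounted when rc.sysinit runs (for example by an early-boot environment, which this hunk does not show), the mount is skipped and the existing, possibly unrestricted, flags stay in place. To enforce the restriction in both cases, the guard could remount instead of doing nothing, e.g. `if /bin/mountpoint -q /proc; then /bin/mount -n -o remount,nosuid,noexec,nodev /proc; else /bin/mount -n -t proc proc /proc -o nosuid,noexec,nodev; fi`, and the same for /sys. The comment above the two lines could also say why the options are set, e.g. `# mount /proc and /sys nosuid,noexec,nodev: neither should ever supply setuid binaries, executables or device nodes`. The `/dev` block that follows continues past the end of the hunk, so its mount options are not reviewed here.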