[Bug 1991661] [NEW] systemd mounts /run without noexec
John Chittum
1991661 at bugs.launchpad.net
Tue Oct 4 12:02:56 UTC 2022
Public bug reported:
initramfs-tools in Bionic+, when mounting the filesystem, mounts /run
with noexec.
Cloud images run without initramfs and rely on systemd for the mounts.
systemd, however, mounts /run without noexec. Snip from mount-setup.c
(either in src/core/mount-setup.c < 248 or src/shared/mount-setup.c in
>= 248):
```
#if ENABLE_SMACK
        { "tmpfs", "/run", "tmpfs", "mode=755,smackfsroot=*" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
          mac_smack_use, MNT_FATAL },
#endif
        { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
          NULL, MNT_FATAL|MNT_IN_CONTAINER },
```
Originally raised in an askubuntu forum:
https://askubuntu.com/questions/1432383/mounting-run-as-noexec/1433208
CPC hasn't received word from any partners yet, but it does constitute a
possible regression from how the system was mounted in Bionic and Focal
before moving to optimized boots in 2020/2021.
** Affects: initramfs-tools (Ubuntu)
Importance: Undecided
Status: New
** Affects: systemd (Ubuntu)
Importance: Undecided
Status: New
** Also affects: initramfs-tools (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1991661
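An added check, not part of the bug report or of systemd or initramfs-tools: a shell function that reads /proc/mounts-format text and reports which of nosuid, nodev and noexec are absent from a mount point such as /run. The function name `missing_mount_flags` and both sample lines are assumptions constructed for this example.

```sh
#!/bin/sh
# Constructed sample lines in /proc/mounts format (not captured from a host).
# The first mirrors the systemd table entry in the report: nosuid and nodev
# are set, noexec is not. The second carries all three flags.
SAMPLE_SYSTEMD='tmpfs /run tmpfs rw,nosuid,nodev,size=401408k,mode=755 0 0'
SAMPLE_INITRAMFS='tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=401408k,mode=755 0 0'

# missing_mount_flags MOUNTPOINT   (mount table is read from stdin)
# Prints the hardening flags that are not set on MOUNTPOINT.
# Exit status: 0 = all present, 1 = at least one missing, 2 = not mounted.
missing_mount_flags() {
    mp=$1
    opts=
    # A later line for the same mount point shadows earlier ones: keep the last.
    while read -r _dev dir _type o _rest; do
        if [ "$dir" = "$mp" ]; then opts=$o; fi
    done
    if [ -z "$opts" ]; then return 2; fi
    missing=
    for want in nosuid nodev noexec; do
        # Wrap in commas so a flag only matches as a whole option.
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    if [ -z "$missing" ]; then return 0; fi
    printf '%s\n' "$missing"
    return 1
}

# Demo on the constructed samples.
for s in "$SAMPLE_SYSTEMD" "$SAMPLE_INITRAMFS"; do
    if m=$(printf '%s\n' "$s" | missing_mount_flags /run); then
        echo "/run: nosuid, nodev and noexec all set"
    else
        echo "/run is missing: $m"
    fi
done
```

On a live system, feed it the kernel's view with `missing_mount_flags /run < /proc/mounts`.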