summaryrefslogblamecommitdiff
path: root/system/openrc/0006-mount-efivars-read-only.patch
blob: ec2321dd232e7a6c9c55c89aab1ad504e094d832 (plain) (tree)


























                                                                        
From 37feb4b716525f0c5c5469f21686ab4efcf06fab Mon Sep 17 00:00:00 2001
From: Natanael Copa <ncopa@alpinelinux.org>
Date: Wed, 1 Feb 2017 04:18:53 +0000
Subject: [PATCH 6/7] mount efivars read-only

unintentional writes to efivars may result in bricked hardware. mount it
read-only to play safe.
---
 init.d/sysfs.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/init.d/sysfs.in b/init.d/sysfs.in
index e493f584..bfd0d438 100644
--- a/init.d/sysfs.in
+++ b/init.d/sysfs.in
@@ -101,7 +101,7 @@ mount_misc()
 	if [ -d /sys/firmware/efi/efivars ] &&
 		! mountinfo -q /sys/firmware/efi/efivars; then
 		ebegin "Mounting efivarfs filesystem"
-		mount -n -t efivarfs -o ${sysfs_opts} \
+		mount -n -t efivarfs -o ro,${sysfs_opts} \
 			efivarfs /sys/firmware/efi/efivars 2> /dev/null
 		eend 0
 	fi
-- 
2.11.1