From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 9D37C139694 for ; Tue, 13 Jun 2017 18:20:45 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id CF29121C07D; Tue, 13 Jun 2017 18:20:43 +0000 (UTC) Received: from smtp.gentoo.org (dev.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id A99CE21C07D for ; Tue, 13 Jun 2017 18:20:43 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 6816B341A0C for ; Tue, 13 Jun 2017 18:20:42 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 864BE73E0 for ; Tue, 13 Jun 2017 18:20:40 +0000 (UTC) From: "William Hubbs" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "William Hubbs" Message-ID: <1497377976.f87a9eec3d23ea01578500972f1df993d5d24fba.williamh@OpenRC> Subject: [gentoo-commits] proj/openrc:master commit in: init.d/, / X-VCS-Repository: proj/openrc X-VCS-Files: NEWS.md init.d/sysfs.in X-VCS-Directories: / init.d/ X-VCS-Committer: williamh X-VCS-Committer-Name: William Hubbs X-VCS-Revision: f87a9eec3d23ea01578500972f1df993d5d24fba X-VCS-Branch: master Date: Tue, 13 Jun 2017 18:20:40 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Archives-Salt: c44f6c63-a5b6-4aed-b569-f4b8f27b895a X-Archives-Hash: 787ff1b25d9f7ca27014557d7a1fa006 commit: f87a9eec3d23ea01578500972f1df993d5d24fba Author: William Hubbs gmail com> AuthorDate: Tue Jun 13 17:45:35 2017 +0000 Commit: William Hubbs gentoo org> CommitDate: Tue Jun 13 18:19:36 2017 +0000 URL: https://gitweb.gentoo.org/proj/openrc.git/commit/?id=f87a9eec init.d/sysfs: mount efivars read only This fixes #134. NEWS.md | 7 +++++++ init.d/sysfs.in | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/NEWS.md b/NEWS.md index 90a452b6..53802b40 100644 --- a/NEWS.md +++ b/NEWS.md @@ -3,6 +3,13 @@ This file will contain a list of notable changes for each release. Note the information in this file is in reverse order. +## OpenRC-0.28 + +This version mounts efivars read only due to concerns about changes in +this file system making systems unbootable. If you need to change something +in this path, you will need to re-mount it read-write, make the change +and re-mount it read-only. + ## OpenRC-0.25 This version contains an OpenRC-specific implementation of init for diff --git a/init.d/sysfs.in b/init.d/sysfs.in index e493f584..a2538114 100644 --- a/init.d/sysfs.in +++ b/init.d/sysfs.in @@ -101,7 +101,7 @@ mount_misc() if [ -d /sys/firmware/efi/efivars ] && ! mountinfo -q /sys/firmware/efi/efivars; then ebegin "Mounting efivarfs filesystem" - mount -n -t efivarfs -o ${sysfs_opts} \ + mount -n -t efivarfs -o ro \ efivarfs /sys/firmware/efi/efivars 2> /dev/null eend 0 fi