On 12/13/2010 7:37, Karel Zak wrote:
> On Sun, Dec 12, 2010 at 07:49:27PM -0800, John Reiser wrote:
>> How did /dev/shm get noexec in Fedora 15 rawhide?
>> $ grep /dev/shm /proc/mounts
>> tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
>> $ grep -srl noexec /etc
>> /etc/alternatives/ld
>> /etc/fstab ## derived from /proc/mounts
>> /etc/mtab ## derived from /proc/mounts
>>
>> This is a change from Fedora 14, and I cannot find documentation.
>> The only 'noexec' that I can find in the source to systemd-15
>> is two mentions in units/var-{lock,run}.mount.
>
> the MS_NOEXEC flag is in the private systemd fstab, see
> systemd/src/mount-setup.c:
>
>   static const MountPoint mount_table[] = {
>         { "proc",     "/proc",                  "proc",     NULL,
>           MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
>         { "sysfs",    "/sys",                   "sysfs",    NULL,
>           MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
>         { "devtmpfs", "/dev",                   "devtmpfs", "mode=755",
>           MS_NOSUID, true },
>         { "tmpfs",    "/dev/shm",               "tmpfs",    "mode=1777",
>           MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
>         { "devpts",   "/dev/pts",               "devpts",   NULL,
>           MS_NOSUID|MS_NOEXEC, false },
>         { "tmpfs",    "/sys/fs/cgroup",         "tmpfs",    "mode=755",
>           MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
>         { "cgroup",   "/sys/fs/cgroup/systemd", "cgroup",
>           "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
>   };
>
>> As a site administrator, how can I change the default to omit 'noexec'?
>
> mount -o remount,exec ?

If systemd is going to ignore fstab entries, could we please have the
fstab file on newly-installed systems replace the entries that would be
ignored with commentary that explains which filesystems will be ignored?
That said, this should really be configurable without recompiling the
init system.
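An added example, not part of the original messages and not systemd's own code: a small C check that compares the option field of /proc/mounts lines against the flags in the quoted mount_table, so an administrator can see which of these mounts deviate from the built-in defaults (for instance after a remount). The names expected, opts_to_flags and missing_flags and the sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>   /* MS_NOSUID, MS_NODEV, MS_NOEXEC (Linux) */

/* Expected flags, copied from the mount_table quoted in the thread. */
static const struct { const char *path; unsigned long flags; } expected[] = {
    { "/proc",    MS_NOSUID|MS_NOEXEC|MS_NODEV },
    { "/sys",     MS_NOSUID|MS_NOEXEC|MS_NODEV },
    { "/dev",     MS_NOSUID },
    { "/dev/shm", MS_NOSUID|MS_NOEXEC|MS_NODEV },
    { "/dev/pts", MS_NOSUID|MS_NOEXEC },
};

/* Convert the comma-separated option field of /proc/mounts into MS_* bits. */
static unsigned long opts_to_flags(const char *opts)
{
    unsigned long f = 0;
    while (*opts) {
        size_t n = strcspn(opts, ",");          /* length of this token */
        if (n == 6 && !strncmp(opts, "nosuid", n)) f |= MS_NOSUID;
        else if (n == 5 && !strncmp(opts, "nodev", n)) f |= MS_NODEV;
        else if (n == 6 && !strncmp(opts, "noexec", n)) f |= MS_NOEXEC;
        opts += n + (opts[n] == ',');           /* skip token and separator */
    }
    return f;
}

/* Flags the table expects but the line lacks; 0 if fine or path not listed. */
unsigned long missing_flags(const char *line)
{
    char path[256], opts[512];
    if (sscanf(line, "%*s %255s %*s %511s", path, opts) != 2)
        return 0;                               /* not a /proc/mounts line */
    for (size_t i = 0; i < sizeof expected / sizeof expected[0]; i++)
        if (!strcmp(path, expected[i].path))
            return expected[i].flags & ~opts_to_flags(opts);
    return 0;
}

int main(void)
{
    /* Constructed sample lines: /dev/shm without noexec, /proc unchanged. */
    const char *sample[] = {
        "tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,relatime 0 0",
        "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0",
    };
    for (size_t i = 0; i < sizeof sample / sizeof sample[0]; i++)
        printf("missing 0x%lx: %s\n", missing_flags(sample[i]), sample[i]);
}
```

To audit a live system, feed each line read from /proc/mounts to missing_flags() instead of the sample array.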