commit: f87a9eec3d23ea01578500972f1df993d5d24fba
Author: William Hubbs <w.d.hubbs <AT> gmail <DOT> com>
AuthorDate: Tue Jun 13 17:45:35 2017 +0000
Commit: William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Tue Jun 13 18:19:36 2017 +0000
URL: https://gitweb.gentoo.org/proj/openrc.git/commit/?id=f87a9eec
init.d/sysfs: mount efivars read only
This fixes #134.
NEWS.md | 7 +++++++
init.d/sysfs.in | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/NEWS.md b/NEWS.md
index 90a452b6..53802b40 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -3,6 +3,13 @@
This file will contain a list of notable changes for each release. Note
the information in this file is in reverse order.
+## OpenRC-0.28
+
+This version mounts efivars read only due to concerns about changes in
+this file system making systems unbootable. If you need to change something
+in this path, you will need to re-mount it read-write, make the change
+and re-mount it read-only.
+
## OpenRC-0.25
This version contains an OpenRC-specific implementation of init for
diff --git a/init.d/sysfs.in b/init.d/sysfs.in
index e493f584..a2538114 100644
--- a/init.d/sysfs.in
+++ b/init.d/sysfs.in
@@ -101,7 +101,7 @@ mount_misc()
if [ -d /sys/firmware/efi/efivars ] &&
! mountinfo -q /sys/firmware/efi/efivars; then
ebegin "Mounting efivarfs filesystem"
- mount -n -t efivarfs -o ${sysfs_opts} \
+ mount -n -t efivarfs -o ro \
efivarfs /sys/firmware/efi/efivars 2> /dev/null
eend 0
fi
