From owner-freebsd-rc@FreeBSD.ORG Mon Nov 8 00:50:39 2004
Date: Mon, 8 Nov 2004 02:50:07 +0200
From: Giorgos Keramidas <keramida@freebsd.org>
To: freebsd-rc@freebsd.org
Message-ID: <20041108005007.GB57736@gothmog.gr>
Subject: RFC (fwd) Re: 5.3 tmpfs mount permissions
List-Id: Discussion related to /etc/rc.d design and implementation.

Hi,

Does the change outlined below seem like something I should commit? The most important part is the change in the mount_md function of rc.subr IMHO. If that's ok, then the rest is pretty straightforward.

----- Forwarded message from "J.D. Bronson" -----

Date: Sun, 07 Nov 2004 18:38:29 -0600
From: "J.D. Bronson" Subject: Re: 5.3 tmpfs mount permissions To: Giorgos Keramidas Cc: freebsd-questions@freebsd.org At 06:06 PM 11/07/2004, Giorgos Keramidas wrote: >On 2004-11-07 14:52, "J.D. Bronson" wrote: >> I setup /etc/rc.conf as follows: >> >> tmpmfs="YES" >> tmpsize="512m" >> >> and it works - but I want to mount tmp with some additional >> options and wondering how to edit /etc/rc.d/tmp to accommodate this? >> >> I would like to add this: noexec,nosuid,nodev,nosymfollow >> when /tmp is mounted as tmpfs. > >I see no way to pass extra options to mdmfs from `/etc/rc.d/tmp'. One >way to do this is to modify /etc/rc.d/tmp locally, but this will create >maintenance work for every mergemaster run you do in the future. > >> Can anyone offer some advice - thanks :) > >The following patch is against CURRENT. Does this look like a good thing to >you? If it does, we could ask our rc.d gurus for their approval to commit >it >to the tree. > >Then, all you'd have to do to pass special options to the tmpmfs mount would >be to add something like this to your `rc.conf': > > tmpoptions="noexec,nosuid,nodev,nosymfollow" > >----- tmpmfs-options.patch begins here ----- >Index: etc/rc.subr >=================================================================== >RCS file: /home/ncvs/src/etc/rc.subr,v >retrieving revision 1.31 >diff -u -r1.31 rc.subr >--- etc/rc.subr 30 Jul 2004 17:19:35 -0000 1.31 >+++ etc/rc.subr 7 Nov 2004 23:55:27 -0000 
>@@ -1290,11 +1290,15 @@ > # $1 = size > # $2 = mount point > # $3 = (optional) bytes-per-inode >+# $4 = extra options > mount_md() { >+ if [ -n "$4" ]; then >+ opt="-o $4" >+ fi > if [ -n "$3" ]; then > bpi="-i $3" > fi >- /sbin/mdmfs $bpi -s $1 -M md $2 >+ /sbin/mdmfs $bpi $opt -s $1 -M md $2 > } > > fi >Index: etc/defaults/rc.conf >=================================================================== >RCS file: /home/ncvs/src/etc/defaults/rc.conf,v >retrieving revision 1.229 >diff -u -r1.229 rc.conf >--- etc/defaults/rc.conf 4 Nov 2004 13:33:29 -0000 1.229 >+++ etc/defaults/rc.conf 7 Nov 2004 23:57:34 -0000 >@@ -40,6 +40,7 @@ > removable_interfaces="" # Removable network interfaces for /etc/pccard_ether. > tmpmfs="AUTO" # Set to YES to always create an mfs /tmp, NO to never > tmpsize="20m" # Size of mfs /tmp if created >+tmpoptions="noexec,nosuid,nodev" # extra mount options for tmpfs > varmfs="AUTO" # Set to YES to always create an mfs /var, NO to never > varsize="32m" # Size of mfs /var if created > populate_var="AUTO" # Set to YES to always (re)populate /var, NO to never >Index: etc/rc.d/tmp >=================================================================== >RCS file: /home/ncvs/src/etc/rc.d/tmp,v >retrieving revision 1.34 >diff -u -r1.34 tmp >--- etc/rc.d/tmp 7 Oct 2004 13:55:26 -0000 1.34 >+++ etc/rc.d/tmp 7 Nov 2004 23:56:31 -0000 >@@ -56,7 +56,7 @@ > echo "dropping into shell, ^D to continue anyway." > /bin/sh > else >- mount_md ${tmpsize} /tmp >+ mount_md ${tmpsize} /tmp ${tmpoptions} > chmod 01777 /tmp > fi > fi >Index: share/man/man5/rc.conf.5 >=================================================================== >RCS file: /home/ncvs/src/share/man/man5/rc.conf.5,v >retrieving revision 1.235 >diff -u -r1.235 rc.conf.5 >--- share/man/man5/rc.conf.5 4 Nov 2004 13:33:29 -0000 1.235 >+++ share/man/man5/rc.conf.5 8 Nov 2004 00:00:13 -0000 
>@@ -240,6 +240,12 @@ > Controls the size of a created > .Pa /tmp > memory file system. >+.It Va tmpoptions >+Controls the >+.Xr mount 8 >+options of a created >+.Pa /tmp >+memory file system. > .It Va varmfs > Controls the creation of a > .Pa /var >@@ -3109,6 +3115,7 @@ > .Xr kldxref 8 , > .Xr lpd 8 , > .Xr mdconfig 8 , >+.Xr mount 8 , > .Xr mountd 8 , > .Xr moused 8 , > .Xr mrouted 8 , >----- tmpmfs-options.patch ends here ----- this looks GREAT. I think for security in mind, this would be a welcome addition to the FreeBSD OS - no ?? Thanks....I really appreciate this! -- J.D. Bronson Aurora Health Care // Information Services // Milwaukee, WI USA Office: 414.978.8282 // Email: jd@aurora.org // Pager: 414.314.8282 ----- End forwarded message -----
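Review bot: in the etc/rc.d/tmp hunk the new call `mount_md ${tmpsize} /tmp ${tmpoptions}` hands the options to mount_md as its third positional argument, which the rc.subr hunk still treats as the bytes-per-inode value (`bpi="-i $3"`); with the proposed default `tmpoptions="noexec,nosuid,nodev"` mdmfs would be run with `-i noexec,nosuid,nodev` and fail, and the new `$4` handling is never reached. Pass an explicit empty placeholder for the unused parameter, `mount_md ${tmpsize} /tmp "" ${tmpoptions}`, or give mount_md an interface that does not depend on argument position.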
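Review bot: in the rc.subr mount_md hunk, `opt` is only assigned when `$4` is non-empty and is neither initialised nor declared local, so, like the existing `bpi`, a value left over from an earlier call or inherited from the environment would be passed to mdmfs; set `opt=""` (and `bpi=""`) at the top of the function or declare them with `local`. The expansion `$opt` must stay unquoted so that `-o` and the option list arrive as two separate words, which in turn means `$4` cannot contain whitespace; that constraint belongs in the comment next to `# $4 = extra options`.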
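Review bot: the etc/defaults/rc.conf hunk ships `tmpoptions="noexec,nosuid,nodev"` as the default instead of an empty string, which changes behaviour for every existing tmpmfs user after their next mergemaster run: noexec on /tmp stops anything that unpacks and executes a file there (package installers, configure scripts) from working. Default to `tmpoptions=""` so the change is behaviour-preserving and give the hardened value as an example in the comment; the comment should also read "extra mount options for mfs /tmp" rather than "for tmpfs", matching the neighbouring tmpmfs/tmpsize entries, since the file system is created by mdmfs.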
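Review bot: the share/man/man5/rc.conf.5 hunk says only that tmpoptions controls the mount options of a created /tmp memory file system; it should also state the default set in etc/defaults/rc.conf, that the value is passed through to mdmfs (the rc.subr hunk runs `/sbin/mdmfs $bpi $opt ...`), and that it is ignored when tmpmfs does not result in an mfs /tmp being created. Since mdmfs is the program that receives the options, add `.Xr mdmfs 8` to the SEE ALSO list alongside the `.Xr mount 8` entry the second hunk adds.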