
Re: fstab issue in generated images



On Mon, Nov 11, 2024 at 01:12:06PM -0500, Noah Meyerhans wrote:
> > PARTUUID=104ec3d3-7bc6-4ce4-be38-166f672601ec /boot/efi vfat defaults 0 0
> > 
> > This ensures that, if the VM isn’t shut down cleanly just once,
> > it refuses to function at all.
> > 
> > Please set the pass field to 2.
> 
> We'll need to install dosfstools in the images, too, for that to matter.
> 
> While we're at it, we should ensure that we're mounting /boot/efi with
> more restrictive permissions, as there may be sensitive information in
> it.  bootctl warns about the current permissions:
> ⚠ Mount point '/boot/efi' which backs the random seed file is world accessible, which is a security hole! ⚠
> ⚠ Random seed file '/boot/efi/loader/random-seed' is world accessible, which is a security hole! ⚠
> 

Tracking these issues as
https://salsa.debian.org/cloud-team/debian-cloud-images/-/issues/86
and
https://salsa.debian.org/cloud-team/debian-cloud-images/-/issues/87
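
An added example, not part of the original message or of debian-cloud-images: a small audit that flags vfat fstab entries with the two problems raised above, a pass field of 0 and mount masks that leave the mount world accessible. The `umask=0077` variant, the 022 default and the function names are assumptions made for illustration; the thread names no specific mount option.

```python
import shutil

# Constructed sample: the entry quoted in the thread, then a hardened variant.
SAMPLE_FSTAB = """\
# <device> <mountpoint> <type> <options> <dump> <pass>
PARTUUID=104ec3d3-7bc6-4ce4-be38-166f672601ec /boot/efi vfat defaults 0 0
PARTUUID=104ec3d3-7bc6-4ce4-be38-166f672601ec /boot/efi vfat umask=0077 0 2
"""

# Assumption: with no mask option, vfat falls back to the mounting
# process's umask, which is typically 022.
DEFAULT_UMASK = "022"


def parse_fstab(text):
    """Yield (mountpoint, fstype, options, passno) for each fstab entry."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].startswith("#"):
            continue
        opts = dict(o.partition("=")[::2] for o in fields[3].split(","))
        passno = int(fields[5]) if len(fields) > 5 else 0
        yield fields[1], fields[2], opts, passno


def world_accessible(opts):
    """True if the vfat masks leave any permission bit set for 'other'."""
    umask = opts.get("umask", DEFAULT_UMASK)
    masks = (opts.get("dmask", umask), opts.get("fmask", umask))
    return any((int(m, 8) & 0o007) != 0o007 for m in masks)


def audit(text, have_fsck=True):
    """Return (entry number, mountpoint, finding) for every vfat problem."""
    findings = []
    for n, (mnt, fstype, opts, passno) in enumerate(parse_fstab(text), 1):
        if fstype != "vfat":
            continue
        if passno == 0:
            findings.append((n, mnt, "pass field is 0: never checked at boot"))
        elif not have_fsck:
            findings.append((n, mnt, "fsck.vfat missing: install dosfstools"))
        if world_accessible(opts):
            findings.append((n, mnt, "mount is world accessible"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FSTAB, shutil.which("fsck.vfat") is not None):
        print(*finding, sep=": ")
```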

