Re: Mounting /dev/shm noexec

To: debian-user@lists.debian.org
Subject: Re: Mounting /dev/shm noexec
From: Andy Smith <andy@strugglers.net>
Date: Fri, 2 Oct 2020 20:46:26 +0000
Message-id: <[🔎] 20201002204626.GP23197@bitfolk.com>
In-reply-to: <[🔎] 2543cc569115136a021c132be3ed0cc73eb3cc66.camel@elisanet.fi>
References: <[🔎] 2543cc569115136a021c132be3ed0cc73eb3cc66.camel@elisanet.fi>

Hello,

On Fri, Oct 02, 2020 at 10:35:51PM +0300, Valter Jaakkola wrote:
> So where can I change the mounting parameters of /dev/shm, or otherwise arrange
> it so that /dev/shm is noexec already at/after boot?
> 
> (Out of curiosity, where is /dev/shm mounted from?)

I think from systemd:

    https://github.com/systemd/systemd/blob/c7828862b39883cf1f55235a937d29588d5a806b/src/core/mount-setup.c#L79

and I think if you wish to alter the mount options you should put it
in /etc/fstab and then systemd will do the equivalent of:

# mount -oremount /dev/shm

to get your options set, though there would be a small window where
it had the default options.

Though note that it seems systemd once did use "noexec" for /dev/shm
but stopped 10 years ago because it broke some uses of mmap:

    https://github.com/systemd/systemd/commit/501c875bffaef3263ad42c32485c7fde41027175

On SysV init systems I think this is part of the initscripts
package.

Cheers,
Andy

-- 
https://bitfolk.com/ -- No-nonsense VPS hosting

Reply to:

Follow-Ups:
- Re: Mounting /dev/shm noexec
  - From: Steve McIntyre <steve@einval.com>

References:
- Mounting /dev/shm noexec
  - From: Valter Jaakkola <valter.jaakkola@elisanet.fi>

Prev by Date: Re: Mounting /dev/shm noexec
Next by Date: Re: General-Purpose Server for Debian Stable
Previous by thread: Re: Mounting /dev/shm noexec
Next by thread: Re: Mounting /dev/shm noexec
Index(es):
- Date
- Thread