Also related
https://github.com/systemd/systemd/pull/17238#discussion_r499375614
signature.asc
Description: OpenPGP digital signature
Hi, and thank you all for the great replies!
So I added the following line to fstab:
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
and it works, just as you said it would. No second /dev/shm popping up or other
stuff I had assumed.
(I'm not sure if it now takes a second longer for the
Andy Smith wrote:
...
>Though note that it seems systemd once did use "noexec" for /dev/shm
>but stopped 10 years ago because it broke some uses of mmap:
>
>
> https://github.com/systemd/systemd/commit/501c875bffaef3263ad42c32485c7fde41027175
libffi also has a habit of using /dev/shm for
Hello,
On Fri, Oct 02, 2020 at 10:35:51PM +0300, Valter Jaakkola wrote:
> So where can I change the mounting parameters of /dev/shm, or otherwise
> arrange
> it so that /dev/shm is noexec already at/after boot?
>
> (Out of curiosity, where is /dev/shm mounted from?)
I think from systemd:
On 2020-10-02 22:35 +0300, Valter Jaakkola wrote:
> I an effort to increase security one of the things I'm trying to do is to have
> no world-writable directories where anything (well, binaries at least) could
> be
> executed from. I use Debian Linux 10 amd64. (I'm a home user.)
>
> When I run
Valter Jaakkola wrote:
> So where can I change the mounting parameters of /dev/shm, or otherwise
> arrange it so that /dev/shm is noexec already at/after boot?
>
> (Out of curiosity, where is /dev/shm mounted from?)
perhaps you are looking for tmpfs settings
AT least here it is mounted as tmpfs
6 matches
Mail list logo
