Public bug reported:

initramfs-tools in Bionic+, when mounting the filesystem, mounts /run with noexec.
Cloud images run without initramfs and rely on systemd for the mounts. systemd, however, mounts /run without noexec.

Snip from mount-setup.c (either in src/core/mount-setup.c < 248 or src/shared/mount-setup.c in >= 248):

```c
#if ENABLE_SMACK
        { "tmpfs", "/run", "tmpfs", "mode=755,smackfsroot=*" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
          mac_smack_use, MNT_FATAL },
#endif
        { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
          NULL, MNT_FATAL|MNT_IN_CONTAINER },
```

Originally raised in an askubuntu forum: https://askubuntu.com/questions/1432383/mounting-run-as-noexec/1433208

CPC hasn't received word from any partners yet, but it does constitute a possible regression from how the system was mounted in Bionic and Focal before moving to optimized boots in 2020/2021.

** Affects: initramfs-tools (Ubuntu)
     Importance: Undecided
         Status: New

** Affects: systemd (Ubuntu)
     Importance: Undecided
         Status: New

** Also affects: initramfs-tools (Ubuntu)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to systemd in Ubuntu.
https://bugs.launchpad.net/bugs/1991661

Title:
  systemd mounts /run without noexec

Status in initramfs-tools package in Ubuntu:
  New
Status in systemd package in Ubuntu:
  New
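The difference the report describes (initramfs-tools sets noexec on /run, PID 1's own mount table sets only MS_NOSUID|MS_NODEV|MS_STRICTATIME) can be verified on a running host from the per-mount flags in /proc/self/mountinfo. The script below is an added example and is not code from the bug report, from systemd or from initramfs-tools. It parses mountinfo for the /run entry, reports whether noexec is present, and offers a remount that restates the full flag set. The two embedded mountinfo samples are constructed to model the two boot paths, and the function names are the example's own.

```shell
#!/bin/sh
# Added example (not from the bug report, systemd or initramfs-tools):
# report whether /run is mounted noexec, and optionally remount it so.
#
# /proc/self/mountinfo layout: fields 1-6 are fixed, then optional fields,
# then "-", then FSTYPE SOURCE SUPER-OPTIONS:
#   ID PARENT MAJ:MIN ROOT MOUNTPOINT PER-MOUNT-OPTIONS ...
# noexec, nosuid and nodev are per-mount flags, so they live in field 6.

# Constructed sample mountinfo lines (assumption, not captured from a host).
# Boot through initramfs-tools: /run carries noexec.
INITRAMFS_MOUNTINFO='24 1 0:22 / /run rw,nosuid,noexec,relatime shared:5 - tmpfs tmpfs rw,size=403224k,mode=755
25 24 0:23 / /run/lock rw,nosuid,nodev,noexec,relatime shared:6 - tmpfs tmpfs rw,size=5120k'
# Cloud image, /run mounted by PID 1: nosuid and nodev, but no noexec.
SYSTEMD_MOUNTINFO='24 1 0:22 / /run rw,nosuid,nodev shared:5 - tmpfs tmpfs rw,size=403224k,mode=755
25 24 0:23 / /run/lock rw,nosuid,nodev,noexec,relatime shared:6 - tmpfs tmpfs rw,size=5120k'

# mount_opts MOUNTINFO MOUNTPOINT: print the per-mount options of the topmost
# mount at MOUNTPOINT (the last matching line wins), or nothing if it is not
# a mount point. Field 5 is compared exactly, so /run does not match /run/lock.
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $5 == mp { opts = $6 }
        END { if (opts != "") print opts }'
}

# has_opt MOUNTINFO MOUNTPOINT OPTION: succeed if OPTION is set on that mount.
# Commas are added on both sides so "exec" cannot match inside "noexec".
has_opt() {
    case ",$(mount_opts "$1" "$2")," in
        *",$3,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# run_noexec_status MOUNTINFO: print "noexec" or "exec" for /run.
run_noexec_status() {
    if has_opt "$1" /run noexec; then
        echo noexec
    else
        echo exec
    fi
}

# check_live: evaluate the running system. Exit 0 only if /run is noexec.
check_live() {
    mi=$(cat /proc/self/mountinfo) || return 2
    status=$(run_noexec_status "$mi")
    echo "/run is mounted $status (per-mount options: $(mount_opts "$mi" /run))"
    [ "$status" = noexec ]
}

# harden_run: remount /run with an explicit, complete flag set. MS_REMOUNT
# replaces the per-mount flags, so nosuid and nodev are restated rather than
# relying on the tool to carry them over. Runtime only (lost on reboot); root.
harden_run() {
    mount -o remount,nosuid,nodev,noexec /run
}

case "${1-}" in
    --live) check_live ;;
    --fix)  harden_run && check_live ;;
esac
```

`sh run-noexec.sh --live` is the read-only check; `findmnt -no OPTIONS /run` shows the same field in one line. `--fix` only papers over the gap for the current boot, and before applying it confirm nothing on the image executes from /run, since a host that booted through initramfs-tools would already have been running under that restriction. A persistent fix has to happen wherever /run is first mounted for that boot path.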