ubuntu-cpc: secure esp mountpoint (LP: )

Change mount option for ubuntu-cpc images from "defaults" to
"umask=0077". ESP partitions might contain sensitive data and
non-root users shouldn't have read access on it.
sil2100/riscv-unmatched-unleashed
Gauthier Jolly 4 years ago
parent 82f69612c7
commit 330720f686
No known key found for this signature in database
GPG Key ID: 76941DD188ED73DF

9
debian/changelog vendored

@ -1,3 +1,12 @@
livecd-rootfs (2.664.19) UNRELEASED; urgency=medium
* ubuntu-cpc: secure esp mountpoint (LP: #1881006)
Change mount option for ubuntu-cpc images from "defaults" to "umask=0077"
ESP partitions might contain sensitive data and non-root users shouldn't
have read access on it.
-- Gauthier Jolly <gauthier.jolly@canonical.com> Wed, 17 Mar 2021 16:55:37 +0000
livecd-rootfs (2.664.18) focal; urgency=medium
[ Patrick Viafore ]

@ -94,7 +94,7 @@ create_and_mount_uefi_partition() {
mount "${uefi_dev}" "$mountpoint"/boot/efi
cat << EOF >> "mountpoint/etc/fstab"
LABEL=UEFI /boot/efi vfat defaults 0 1
LABEL=UEFI /boot/efi vfat umask=0077 0 1
EOF
}

Loading…
Cancel
Save