Opened 18 months ago

Closed 15 months ago

Last modified 15 months ago

#929 closed Feature Request (fixed)

Set noexec, nodev, nosuid boot options on certain datasets during installation

Reported by: yggdrasil
Owned by: kris
Priority: minor
Milestone:
Component: Installer
Version: 10.0-RELEASE
Keywords:
Cc: trac-bugs@…



I'd like to have the installer set up the ZFS pool to mount datasets with security-related mount options like OpenBSD does by default. Setting e.g. noexec and nosuid for /tmp, /var{/log,/tmp} etc.

Thank you

Change History (2)

comment:1 Changed 15 months ago by kris

  • Resolution set to fixed
  • Status changed from new to closed

Good thinking, I added it, along with the ability to manually set exec/suid on other ZFS datasets.

comment:2 Changed 15 months ago by yggdrasil

I actually completely forgot about this one :D
I vaguely remember that in my test, setting noexec on /tmp led to problems building some ports, because for reasons I can't really fathom they use /tmp to execute some stuff?! I would REALLY like to have noexec /tmp, but I'm not sure how compatible this is with ports, just FYI.
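
A check for the result this ticket asks for, as an added example that is not part of the ticket or the installer's code: it reads `zfs get -H -o name,property,value mountpoint,exec,setuid` output and lists which of /tmp, /var/log and /var/tmp still allow exec or setuid. The `tank/...` dataset names are constructed sample data, and the function names and the mount list variable are hypothetical.

```shell
#!/bin/sh
# Added example: audit ZFS datasets for the exec/setuid hardening the ticket requests.
# Mount points taken from the ticket text; extend to match local policy (assumption).
HARDENED_MOUNTS="/tmp /var/log /var/tmp"

# Reads tab-separated "name<TAB>property<TAB>value" lines on stdin, as produced by
#   zfs get -H -o name,property,value mountpoint,exec,setuid
# and prints one line per property that is not "off" on a dataset mounted at
# one of $HARDENED_MOUNTS. No output means every listed mount is hardened.
audit_mount_opts() {
    awk -F '\t' -v want="$HARDENED_MOUNTS" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) target[w[i]] = 1 }
        $2 == "mountpoint"             { mp[$1] = $3; next }
        $2 == "exec" || $2 == "setuid" { val[$1, $2] = $3 }
        END {
            for (ds in mp) {
                if (!(mp[ds] in target)) continue   # dataset is outside the policy
                if (val[ds, "exec"] != "off")
                    print mp[ds] " (" ds "): exec=" val[ds, "exec"]
                if (val[ds, "setuid"] != "off")
                    print mp[ds] " (" ds "): setuid=" val[ds, "setuid"]
            }
        }' | sort   # awk array order is unspecified; sort for stable output
}

# Constructed sample input (not from a real system): /tmp is hardened,
# /var/log still allows setuid, /var/tmp still allows exec, and /usr/home
# is outside the policy and therefore ignored.
sample_zfs_get() {
    printf '%s\t%s\t%s\n' \
        tank/tmp      mountpoint /tmp \
        tank/tmp      exec       off \
        tank/tmp      setuid     off \
        tank/var/log  mountpoint /var/log \
        tank/var/log  exec       off \
        tank/var/log  setuid     on \
        tank/var/tmp  mountpoint /var/tmp \
        tank/var/tmp  exec       on \
        tank/var/tmp  setuid     off \
        tank/usr/home mountpoint /usr/home \
        tank/usr/home exec       on \
        tank/usr/home setuid     on
}

# Offline demonstration; on a live system pipe the real `zfs get` output instead.
sample_zfs_get | audit_mount_opts
```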
