diff options
| author | Lennart Poettering <lennart@poettering.net> | 2023-03-07 11:29:38 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-03-09 21:56:42 +0100 |
| commit | 6eda6f7e51e8d25c12279689567008d50274cd1e (patch) | |
| tree | fde809953fcbe3106b08f6efefd087831f072606 /src/shared/dissect-image.c | |
| parent | 034ebc47a280e6f0f1f051ee15099b6e7fe20e9a (diff) | |
| download | systemd-6eda6f7e51e8d25c12279689567008d50274cd1e.tar.gz | |
mountpoint-util: add new fstype_can_umask() helper
Diffstat (limited to 'src/shared/dissect-image.c')
| -rw-r--r-- | src/shared/dissect-image.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c index 59adb32426..2502e3a0eb 100644 --- a/src/shared/dissect-image.c +++ b/src/shared/dissect-image.c @@ -1537,7 +1537,9 @@ int partition_pick_mount_options( case PARTITION_XBOOTLDR: flags |= MS_NOSUID|MS_NOEXEC|ms_nosymfollow_supported(); - if (!fstype || streq(fstype, "vfat")) + /* The ESP might contain a pre-boot random seed. Let's make this unaccessible to regular + * userspace. ESP/XBOOTLDR is almost certainly VFAT, hence if we don't know assume it is. */ + if (!fstype || fstype_can_umask(fstype)) if (!strextend_with_separator(&options, ",", "umask=0077")) return -ENOMEM; break; |