Diffstat (limited to 'src/shared/dissect-image.c')
-rw-r--r-- | src/shared/dissect-image.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/shared/dissect-image.c b/src/shared/dissect-image.c
index 59adb32426..2502e3a0eb 100644
--- a/src/shared/dissect-image.c
+++ b/src/shared/dissect-image.c
@@ -1537,7 +1537,9 @@ int partition_pick_mount_options(
 case PARTITION_XBOOTLDR:
 flags |= MS_NOSUID|MS_NOEXEC|ms_nosymfollow_supported();
- if (!fstype || streq(fstype, "vfat"))
+ /* The ESP might contain a pre-boot random seed. Let's make this unaccessible to regular
+ * userspace. ESP/XBOOTLDR is almost certainly VFAT, hence if we don't know assume it is. */
+ if (!fstype || fstype_can_umask(fstype))
 if (!strextend_with_separator(&options, ",", "umask=0077"))
 return -ENOMEM;
 break; |
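Review bot: The added comment explains the VFAT assumption but not the remaining case in the `PARTITION_XBOOTLDR` branch: when `fstype` is known and `fstype_can_umask(fstype)` returns false, no `umask=0077` is appended, so keeping the random seed away from regular userspace then presumably depends on the filesystem's own on-disk permissions rather than on these mount options. I would state that in the comment, for example by adding `* For file systems that carry their own permission bits we rely on the on-disk mode instead. */`, and change "unaccessible" to "inaccessible". The `!fstype` fallback still passes `umask=0077` without knowing the type, so it is worth confirming that callers probe the filesystem type first or tolerate a rejected option. The enclosing switch and the rest of `partition_pick_mount_options()` lie outside the hunk.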