Commit b2546a7f authored by fsmithred's avatar fsmithred

restrict permissions on efi partition

parent da19a0cf
......@@ -1575,9 +1575,9 @@ if [[ $use_existing_swap = "yes" ]] ; then
swap_part="$swap_dev"
fi
echo -e $"\n Adding swap entry to fstab...\n"
echo -e "$swap_part\tswap\tswap\tdefaults\t0\t0" >> /target/etc/fstab
echo -e "$swap_part\tnone\tswap\tdefaults\t0\t0" >> /target/etc/fstab
else
echo -e "/swapfile\tswap\tswap\tdefaults\t0\t0" >> /target/etc/fstab
echo -e "/swapfile\tnone\tswap\tdefaults\t0\t0" >> /target/etc/fstab
fi
......@@ -1608,6 +1608,9 @@ if [[ $encrypt_boot = yes ]] ; then
if ! [[ $(grep ^GRUB_ENABLE_CRYPTODISK /target/etc/default/grub) ]] ; then
echo -e "\nGRUB_ENABLE_CRYPTODISK=y\n" >> /target/etc/default/grub
fi
if ! [[ $(grep 'UMASK=0077' /etc/initramfs-tools/conf.d/initramfs-permissions) ]] ; then
echo -e '\nUMASK=0077\n' >> /etc/initramfs-tools/conf.d/initramfs-permissions
fi
fi
......@@ -1655,7 +1658,7 @@ if [[ $uefi_ready = "yes" ]] && [[ $uefi_boot = "yes" ]] ; then
fi
echo -e $"\n Adding esp entry to fstab...\n"
echo -e "$esp_part\t/boot/efi\tvfat\tdefaults\t0\t1" >> /target/etc/fstab
echo -e "$esp_part\t/boot/efi\tvfat\tumask=0077\t0\t1" >> /target/etc/fstab
mkdir /target/boot/efi
mount "$esp_dev" /target/boot/efi/
fi
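Review bot: The UMASK test and append added in the `encrypt_boot` hunk use `/etc/initramfs-tools/conf.d/initramfs-permissions` on the running system, while the neighbouring `GRUB_ENABLE_CRYPTODISK` lines write under `/target`. If the installed system's initramfs is built from the configuration under `/target`, the 0077 umask would not apply to it, and the image could stay world-readable, which matters if it carries key material for the encrypted /boot. This is inferred, because the initramfs generation step is outside the visible hunks. Consider using `/target/etc/initramfs-tools/conf.d/initramfs-permissions` in both the test and the `>>` append. Writing the test as `if ! grep -qs '^UMASK=0077' <file>` would also stop a commented-out line from satisfying it and silence the error when the file does not exist yet.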
......