more permissions fix

- paranoid mode 400 for most stuff related to portron
nebular · Dec 13, 2018 · fd31ada · fd31ada
1 parent d4bd108
commit fd31ada
Show file tree

Hide file tree

Showing 4 changed files with 3 additions and 1 deletion.
diff --git a/lib/portron.default/xzm/000-kernel.xzm b/lib/portron.default/xzm/000-kernel.xzm
diff --git a/lib/portron.default/xzm/001-core.xzm b/lib/portron.default/xzm/001-core.xzm
diff --git a/src/initrd/init b/src/initrd/init
@@ -201,7 +201,9 @@ aufs_setup() {
         mount -nt squashfs -o loop /memory/copy2ram/${x} /memory/images/${x} 2>/dev/null
         if [ $? -eq 0 ]; then
             mount -no remount,add:1:/memory/images/${x}=rr aufs /union
+            # export flag to var/run so we can easily know if a module is loaded
             touch /union/var/run/portron/mod.${x}
+            chmod 400 /union/var/run/portron/mod.${x}
         else
             escape "Cannot read $x. Corrupted module?"
         fi

diff --git a/src/initrd/init.config b/src/initrd/init.config
@@ -125,7 +125,7 @@ expKernel() {
 
    [ "${val}" ] && {
         touch ${fil}
-        chmod a-w ${fil}
+        chmod 400 ${fil}
         logme "- enabling kp $1"
    } || {
         [ -f ${fil} ] && {