init.d/sysfs: mount efivars read only

This fixes #134.
2017-06-13 12:45:35 -05:00 · 2017-06-13 12:45:35 -05:00 · f87a9eec3d
commit f87a9eec3d
parent 1e837d596e
2 changed files with 8 additions and 1 deletions
--- a/NEWS.md
+++ b/NEWS.md
@ -3,6 +3,13 @@
 This file will contain a list of notable changes for each release. Note
 the information in this file is in reverse order.

+## OpenRC-0.28
+
+This version mounts efivars read only due to concerns about changes in
+this file system making systems unbootable.  If you need to change something
+in this path, you will need to re-mount it read-write, make the change
+and re-mount it read-only.
+
 ## OpenRC-0.25

 This version contains an OpenRC-specific implementation of init for
--- a/init.d/sysfs.in
+++ b/init.d/sysfs.in
@ -101,7 +101,7 @@ mount_misc()
 	if [ -d /sys/firmware/efi/efivars ] &&
 		! mountinfo -q /sys/firmware/efi/efivars; then
 		ebegin "Mounting efivarfs filesystem"
-		mount -n -t efivarfs -o ${sysfs_opts} \
+		mount -n -t efivarfs -o ro \
 			efivarfs /sys/firmware/efi/efivars 2> /dev/null
 		eend 0
 	fi