From f87a9eec3d23ea01578500972f1df993d5d24fba Mon Sep 17 00:00:00 2001
From: William Hubbs <w.d.hubbs@gmail.com>
Date: Tue, 13 Jun 2017 12:45:35 -0500
Subject: [PATCH] init.d/sysfs: mount efivars read only

This fixes #134.
---
 NEWS.md         | 7 +++++++
 init.d/sysfs.in | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/NEWS.md b/NEWS.md
index 90a452b6..53802b40 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -3,6 +3,13 @@
 This file will contain a list of notable changes for each release. Note
 the information in this file is in reverse order.
 
+## OpenRC-0.28
+
+This version mounts efivars read only due to concerns about changes in
+this file system making systems unbootable.  If you need to change something
+in this path, you will need to re-mount it read-write, make the change
+and re-mount it read-only.
+
 ## OpenRC-0.25
 
 This version contains an OpenRC-specific implementation of init for
diff --git a/init.d/sysfs.in b/init.d/sysfs.in
index e493f584..a2538114 100644
--- a/init.d/sysfs.in
+++ b/init.d/sysfs.in
@@ -101,7 +101,7 @@ mount_misc()
 	if [ -d /sys/firmware/efi/efivars ] &&
 		! mountinfo -q /sys/firmware/efi/efivars; then
 		ebegin "Mounting efivarfs filesystem"
-		mount -n -t efivarfs -o ${sysfs_opts} \
+		mount -n -t efivarfs -o ro \
 			efivarfs /sys/firmware/efi/efivars 2> /dev/null
 		eend 0
 	fi