From 0c976787c7cea971297d7d00ac5b333e1d1ccc73 Mon Sep 17 00:00:00 2001
From: illiliti <illiliti@protonmail.com>
Date: Sun, 8 Mar 2020 06:29:14 +0300
Subject: [PATCH] some improvements

---
 tinyramfs                |  7 ++-----
 usr/share/tinyramfs/init | 29 ++++++++++++++++++++---------
 2 files changed, 22 insertions(+), 14 deletions(-)

diff --git a/tinyramfs b/tinyramfs
index d8ca0f6..b52f34f 100755
--- a/tinyramfs
+++ b/tinyramfs
@@ -95,7 +95,7 @@ prepare_environment() {
     elif [ -d /usr/share/tinyramfs ]; then
         filesdir="/usr/share/tinyramfs"
     elif [ -d ./usr/share/tinyramfs ]; then
-        filesdir="./usr/share/initramfs"
+        filesdir="./usr/share/tinyramfs"
     else
         msg panic "failed to find required files"
     fi
@@ -236,11 +236,8 @@ install_luks() {
             install_driver "$_driver"
         done
 
-    # avoid "locking directory missing" warning
-    # message and libgcc_s.so.1 missing error
+    # avoid libgcc_s.so.1 missing error
     # see https://bugs.archlinux.org/task/56771
-    mkdir -p "${workdir}/run/cryptsetup"
-
     [ -e /usr/lib/libgcc_s.so.1 ] &&
         install_library /usr/lib/libgcc_s.so.1
 
diff --git a/usr/share/tinyramfs/init b/usr/share/tinyramfs/init
index b1ef0c8..667bd6b 100644
--- a/usr/share/tinyramfs/init
+++ b/usr/share/tinyramfs/init
@@ -40,10 +40,25 @@ parse_cmdline() {
     done
 }
 
-mount_pseudofs() {
-    mount -t proc     none /proc
-    mount -t sysfs    none /sys
-    mount -t devtmpfs none /dev
+prepare_environment() {
+    /sbin/busybox --install -s
+
+    . /config || panic "failed to source config"
+
+    mount -t proc     -o nosuid,noexec,nodev     proc /proc
+    mount -t sysfs    -o nosuid,noexec,nodev     sys  /sys
+    mount -t tmpfs    -o mode=0755,nosuid,nodev  run  /run
+    mount -t devtmpfs -o mode=0755,noexec,nosuid dev  /dev
+
+    mkdir -pm 0755 /run/cryptsetup /run/lvm /dev/pts /dev/shm
+
+    mount -t devpts -o gid=5,mode=620,noexec,nosuid  devpts /dev/pts
+    mount -t tmpfs  -o mode=1777,noexec,nosuid,nodev shm    /dev/shm
+
+    ln -s /proc/self/fd   /dev/fd
+    ln -s /proc/self/fd/0 /dev/stdin
+    ln -s /proc/self/fd/1 /dev/stdout
+    ln -s /proc/self/fd/2 /dev/stderr
 }
 
 setup_devmgr() {
@@ -135,11 +150,7 @@ boot_system() {
          panic "failed to boot system"
 }
 
-/sbin/busybox --install -s
-
-. /config || panic "failed to source config"
-
-mount_pseudofs
+prepare_environment
 parse_cmdline
 [ "$debug" = 1 ] && set -x
 setup_devmgr