Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

cannot mount options harden separate /home volume? #161

Closed
adrelanos opened this issue Nov 6, 2023 · 2 comments
Closed

cannot mount options harden separate /home volume? #161

adrelanos opened this issue Nov 6, 2023 · 2 comments

Comments

@adrelanos
Copy link
Member

Like if the user has a seperate /home volume, we can't harden it with our custom systemd unit. I think the reason behind this is, systemd dynamically overrides our unit with the unit it auto generates from fstab on startup.

Originally posted by @monsieuremre in #157 (comment)
@adrelanos adrelanos mentioned this issue Nov 6, 2023
Open
@adrelanos
Copy link
Member Author

Sure?

The dracut based implementation used to harden /home. There does not seem to be anything special with /home.

Otherwise the code would need some debugging. Write the output of findmnt --list to a file or output it to stdout so the systemd journal picks it up.

After the system completed booting, findmnt --list can be run again and the two different outputs can be compared. That would show if the initial mount hardening is failing or if indeed something else later reverts it.

@adrelanos
Copy link
Member Author

No longer an issue.
new plan:
#157 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@adrelanos