base/init.sh: don't mount /run with noexec, if the initramfs lives there

If the initramfs was built with prefix=/run/... /run can't be mounted with noexec, otherwise no binary can be run. Guard against it by looking where /bin/sh is really located.
8 years ago · db7d61cff7
1 changed files with 6 additions and 1 deletions
--- a/modules.d/99base/init.sh
+++ b/modules.d/99base/init.sh
@ -64,7 +64,12 @@ fi
				@@ -64,7 +64,12 @@ fi

 if ! ismounted /run; then
    mkdir -m 0755 /newrun
-    mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    if ! str_starts "$(readlink -f /bin/sh)" "/run/"; then
+        mount -t tmpfs -o mode=0755,noexec,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    else
+        # the initramfs binaries are located in /run, so don't mount it with noexec
+        mount -t tmpfs -o mode=0755,nosuid,nodev,strictatime tmpfs /newrun >/dev/null
+    fi
    cp -a /run/* /newrun >/dev/null 2>&1
    mount --move /newrun /run
    rm -fr -- /newrun