linux-hardened

Add runtime read-only mount protection

Open madaidan opened this issue 5 years ago • 1 comments

This creates the fs.romount_protect sysctl to enable read-only mount protection.

If romount_protect is set to (1), filesystems will be protected in the following ways:

  • No new writable mounts will be allowed
  • Existing read-only mounts won't be able to be remounted read/write
  • Write operations will be denied on all block devices

This is based on GRKERNSEC_ROFS.

madaidan, Apr 12 '20 22:04
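An added example, not part of the original issue or of the linux-hardened patch: a pre-flight check to run before setting `fs.romount_protect`, reporting which mounts are read-only or writable and which are backed by a `/dev` node. The function names and the sample mount table are constructed; `/proc/sys/fs/romount_protect` is where the sysctl would appear on a kernel carrying this patch.

```shell
#!/bin/sh
# Pre-flight report for fs.romount_protect (added example, hypothetical names).

# Constructed sample in /proc/mounts format.
SAMPLE_MOUNTS='/dev/sda2 / ext4 rw,relatime,errors=remount-ro 0 0
/dev/sda1 /boot ext4 ro,nosuid,nodev 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
/dev/mapper/data /srv ext4 ro,relatime 0 0'

# classify_mounts: read /proc/mounts-format lines on stdin and print
# "<state> <kind> <mountpoint>" for each mount.
#   state: ro or rw, taken from the option list as a whole option, so that
#          "errors=remount-ro" is not mistaken for a read-only mount.
#   kind:  blockdev when the source is a /dev/ node, otherwise other.
classify_mounts() {
    while read -r src mnt fstype opts _rest; do
        [ -n "$mnt" ] || continue
        state=rw
        case ",$opts," in *,ro,*) state=ro ;; esac
        kind=other
        case "$src" in /dev/*) kind=blockdev ;; esac
        printf '%s %s %s\n' "$state" "$kind" "$mnt"
    done
}

# count_state STATE: number of mounts on stdin in the given state.
# The ro count is the set that, per the issue, could no longer be
# remounted read/write once protection is enabled.
count_state() {
    classify_mounts | awk -v s="$1" '$1 == s { n++ } END { print n + 0 }'
}

# romount_status [FILE]: print the sysctl value, or "absent" when the
# running kernel does not expose it (patch not applied).
romount_status() {
    f=${1:-/proc/sys/fs/romount_protect}
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Report on the constructed sample; pipe /proc/mounts in for a live system.
printf '%s\n' "$SAMPLE_MOUNTS" | classify_mounts
echo "read-only mounts: $(printf '%s\n' "$SAMPLE_MOUNTS" | count_state ro)"
echo "fs.romount_protect: $(romount_status)"
```

On a live system, `classify_mounts < /proc/mounts` gives the same report for the real mount table.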

please rebase against master

anthraxx, Sep 05 '20 00:09