noexec on /dev/shm

Mon Dec 13 13:37:15 UTC 2010

On Sun, Dec 12, 2010 at 07:49:27PM -0800, John Reiser wrote:
> How did /dev/shm get noexec in Fedora 15 rawhide?
>    $ grep /dev/shm /proc/mounts
>    tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
>    $ grep -srl noexec /etc
>    /etc/alternatives/ld
>    /etc/fstab   ## derived from /proc/mounts
>    /etc/mtab    ## derived from /proc/mounts
> 
> This is a change from Fedora 14, and I cannot find documentation.
> The only 'noexec' that I can find in the source to systemd-15
> is two mentions in units/var-{lock,run}.mount.

the MS_NOEXEC flags is in private systemd fstab, see
systemd/src/mount-setup.c:

static const MountPoint mount_table[] = {
        { "proc",     "/proc",                  "proc",     NULL,                MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
        { "sysfs",    "/sys",                   "sysfs",    NULL,                MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
        { "devtmpfs", "/dev",                   "devtmpfs", "mode=755",          MS_NOSUID,                    true },
        { "tmpfs",    "/dev/shm",               "tmpfs",    "mode=1777",         MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
        { "devpts",   "/dev/pts",               "devpts",   NULL,                MS_NOSUID|MS_NOEXEC,          false },
        { "tmpfs",    "/sys/fs/cgroup",         "tmpfs",    "mode=755",          MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
        { "cgroup",   "/sys/fs/cgroup/systemd", "cgroup",   "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
};

> As a site administrator, how can I change the default to omit 'noexec'?

 mount -o remount,exec ?

    Karel

-- 
 Karel Zak  <kzak at redhat.com>
 http://karelzak.blogspot.com