5.3 tmpfs mount permissions

[Giorgos Keramidas]

On 2004-11-07 14:52, "J.D. Bronson" <jbronson at wixb.com> wrote:
> I setup /etc/rc.conf as follows:
>
> tmpmfs="YES"
> tmpsize="512m"
>
> and it works - but I want to mount tmp with some additional
> options and wondering how to edit /etc/rc.d/tmp to accommodate this?
>
> I would like to add this: noexec,nosuid,nodev,nosymfollow
> when /tmp is mounted as tmpfs.

I see no way to pass extra options to mdmfs from `/etc/rc.d/tmp'.  One
way to do this is to modify /etc/rc.d/tmp locally, but this will create
maintenance work for every mergemaster run you do in the future.

> Can anyone offer some advice - thanks :)

The following patch is against CURRENT.  Does this look like a good thing to
you?  If it does, we could ask our rc.d gurus for their approval to commit it
to the tree.

Then, all you'd have to do to pass special options to the tmpmfs mount would
be to add something like this to your `rc.conf':

	tmpoptions="noexec,nosuid,nodev,nosymfollow"

----- tmpmfs-options.patch begins here -----
Index: etc/rc.subr
===================================================================
RCS file: /home/ncvs/src/etc/rc.subr,v
retrieving revision 1.31
diff -u -r1.31 rc.subr
--- etc/rc.subr	30 Jul 2004 17:19:35 -0000	1.31
+++ etc/rc.subr	7 Nov 2004 23:55:27 -0000
@@ -1290,11 +1290,15 @@
 #   $1 = size
 #   $2 = mount point
 #   $3 = (optional) bytes-per-inode
+#   $4 = extra options
 mount_md() {
+	if [ -n "$4" ]; then
+		opt="-o $4"
+	fi
 	if [ -n "$3" ]; then
 		bpi="-i $3"
 	fi
-	/sbin/mdmfs $bpi -s $1 -M md $2
+	/sbin/mdmfs $bpi $opt -s $1 -M md $2
 }
 
 fi
Index: etc/defaults/rc.conf
===================================================================
RCS file: /home/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.229
diff -u -r1.229 rc.conf
--- etc/defaults/rc.conf	4 Nov 2004 13:33:29 -0000	1.229
+++ etc/defaults/rc.conf	7 Nov 2004 23:57:34 -0000
@@ -40,6 +40,7 @@
 removable_interfaces=""	# Removable network interfaces for /etc/pccard_ether.
 tmpmfs="AUTO"		# Set to YES to always create an mfs /tmp, NO to never
 tmpsize="20m"		# Size of mfs /tmp if created
+tmpoptions=""		# extra mount options for tmpfs
 varmfs="AUTO"		# Set to YES to always create an mfs /var, NO to never
 varsize="32m"		# Size of mfs /var if created
 populate_var="AUTO"	# Set to YES to always (re)populate /var, NO to never
Index: etc/rc.d/tmp
===================================================================
RCS file: /home/ncvs/src/etc/rc.d/tmp,v
retrieving revision 1.34
diff -u -r1.34 tmp
--- etc/rc.d/tmp	7 Oct 2004 13:55:26 -0000	1.34
+++ etc/rc.d/tmp	7 Nov 2004 23:56:31 -0000
@@ -56,7 +56,7 @@
 			echo "dropping into shell, ^D to continue anyway."
 			/bin/sh
 		else
-			mount_md ${tmpsize} /tmp
+			mount_md ${tmpsize} /tmp ${tmpoptions}
 			chmod 01777 /tmp
 		fi
 	fi
Index: share/man/man5/rc.conf.5
===================================================================
RCS file: /home/ncvs/src/share/man/man5/rc.conf.5,v
retrieving revision 1.235
diff -u -r1.235 rc.conf.5
--- share/man/man5/rc.conf.5	4 Nov 2004 13:33:29 -0000	1.235
+++ share/man/man5/rc.conf.5	8 Nov 2004 00:00:13 -0000
@@ -240,6 +240,12 @@
 Controls the size of a created
 .Pa /tmp
 memory file system.
+.It Va tmpoptions
+Controls the
+.Xr mount 8
+options of a created
+.Pa /tmp
+memory file system.
 .It Va varmfs
 Controls the creation of a
 .Pa /var
@@ -3109,6 +3115,7 @@
 .Xr kldxref 8 ,
 .Xr lpd 8 ,
 .Xr mdconfig 8 ,
+.Xr mount 8 ,
 .Xr mountd 8 ,
 .Xr moused 8 ,
 .Xr mrouted 8 ,
----- tmpmfs-options.patch ends here -----