Reduced root directory privileges (#15147)
#### Why I did it Reduced root directory privileges #### How I did it During build_debian - called chroot to reduce root directory and its subdirectories privileges to 744 #### How to verify it After image build and upgrade - check /root privileges by calling "ls -a /root" #### Description for the changelog reduced /root directory privileges
This commit is contained in:
parent
c970ee0f42
commit
05bbf72c86
@ -786,6 +786,9 @@ sudo cp files/image_config/resolv-config/resolv.conf.head $FILESYSTEM_ROOT/etc/r
|
||||
|
||||
sudo mksquashfs $FILESYSTEM_ROOT $FILESYSTEM_SQUASHFS -comp zstd -b 1M -e boot -e var/lib/docker -e $PLATFORM_DIR
|
||||
|
||||
## Reduce /boot permission
|
||||
sudo chmod -R go-wx $FILESYSTEM_ROOT/boot
|
||||
|
||||
# Ensure admin gid is 1000
|
||||
gid_user=$(sudo LANG=C chroot $FILESYSTEM_ROOT id -g $USERNAME) || gid_user="none"
|
||||
if [ "${gid_user}" != "1000" ]; then
|
||||
|
Loading…
Reference in New Issue
Block a user