V8.13.440.2025.11.19

Signed-off-by: Marc S. Weidner <msw@coresecret.dev>
2025-11-19 16:21:33 +00:00
parent 3132c53b85
commit 793bf07e18
9 changed files with 61 additions and 50 deletions


@@ -26,17 +26,18 @@ OVERLAY_BASE="/run/live/overlay"
UPPER="${OVERLAY_BASE}/upper"
WORK="${OVERLAY_BASE}/work"
### Size policy: hard ceiling to mitigate RAM-filling DoS; tune to your ISO profile.
### Size policy: hard ceiling to mitigate RAM-filling DoS; tune to your ISO profile. -------------------------------------------
: "${CDLB_OVERLAY_TMPFS_SIZE:=70%}"
### Create a base dir with restrictive perms.
### Create a base dir with restrictive perms. ----------------------------------------------------------------------------------
# shellcheck disable=SC2174
mkdir -p -m 0700 "${OVERLAY_BASE}"
### Mount dedicated tmpfs with strict flags; 'noexec' here blocks accidental execs from the raw tmpfs path.
### Mount dedicated tmpfs with strict flags; 'noexec' here blocks accidental execs from the raw tmpfs path. --------------------
mount -t tmpfs -o "size=${CDLB_OVERLAY_TMPFS_SIZE},mode=0700,nosuid,nodev,noexec" tmpfs "${OVERLAY_BASE}"
printf "\e[92m[INFO] mount -t tmpfs -o \"size=%s,mode=0700,nosuid,nodev,noexec\" tmpfs \"%s\" \n\e[0m" "${CDLB_OVERLAY_TMPFS_SIZE}" "${OVERLAY_BASE}"
# Prepare upper/work with tight perms.
### Prepare upper /work with tight perms. -------------------------------------------------------------------------------------
# shellcheck disable=SC2174
mkdir -p -m 0700 "${UPPER}" "${WORK}"
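
Review bot: CDLB_OVERLAY_TMPFS_SIZE is taken from the environment by the `: "${CDLB_OVERLAY_TMPFS_SIZE:=70%}"` line and interpolated unvalidated into the `-o` string of the tmpfs mount, so a value containing a comma would append further mount options after `noexec`, and an oversized value defeats the hard ceiling the comment describes. Suggest validating it before the mount, for example accepting only digits followed by an optional `%`, `k`, `m` or `g` suffix and aborting on anything else. Minor style point: the reworded comment now reads "upper /work" with a stray space where the old line had "upper/work".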