Add /efi in the hiding list when (fs=host) #5155

Merged
merged 1 commit into from
Nov 1, 2022

gdonval
Contributor

@gdonval gdonval commented Oct 31, 2022

When filesystem=host access is provided, some root folders are hidden, including /boot.

The bootloader specification now recommends mounting the system EFI filesystem in /efi (currently visible) instead of /boot/efi (currently hidden). This hides /efi for the same reasons /boot is already hidden.

@smcv
Collaborator

smcv commented Nov 1, 2022

/efi doesn't really need to be hidden (there's typically nothing secret there, and if there is, the solution is to give it permissions that only allow root access); but it makes sense to keep it consistent with /boot/efi.

@smcv smcv merged commit 397c97d into flatpak:main Nov 1, 2022
@gdonval gdonval deleted the patch-1 branch November 1, 2022 11:28
@gdonval
Contributor Author

gdonval commented Nov 1, 2022

> /efi doesn't really need to be hidden

No argument about this: in a typical, reasonably configured system, providing /efi certainly does no harm. The same could be said for /boot, /var or /etc though. I know most of it is to avoid conflicts with in-flatpak layout but still: it is nice not to provide access to unnecessary parts and the coding cost is basically nothing so even on misconfigured systems, accidentally fiddling with the EFI System partition won't happen.

Anyway, thanks for merging! :)

smcv added a commit that referenced this pull request Nov 17, 2022
smcv added a commit that referenced this pull request Nov 17, 2022
Signed-off-by: Simon McVittie <[email protected]>
(cherry picked from commit db77992)
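
The thread above turns on whether an EFI System Partition exposed through filesystem=host is already protected by root-only permissions. As an added example (not part of this pull request or of Flatpak's code), the check below parses mount-table lines in /proc/self/mounts format and reports whether a vfat filesystem at /efi, /boot/efi or /boot is reachable by non-root users. The sample lines are constructed, and treating a missing mask as fully permissive is this example's assumption.

```python
"""Added example: audit vfat ESP mounts for non-root access."""

# Mount points named in this thread as possible ESP locations.
ESP_MOUNT_POINTS = ("/efi", "/boot/efi", "/boot")

# Constructed sample in /proc/self/mounts format (not from a real host).
SAMPLE_MOUNTS = """\
/dev/nvme0n1p2 / ext4 rw,relatime 0 0
/dev/nvme0n1p1 /efi vfat rw,relatime,fmask=0022,dmask=0022,codepage=437 0 0
/dev/sda1 /boot/efi vfat rw,relatime,fmask=0077,dmask=0077,codepage=437 0 0
"""


def _mask(opts, key):
    # vfat stores no per-file modes: fmask/dmask (or umask) apply to the
    # whole mount. Assumption of this example: if none is listed, use 0,
    # the most permissive value, so the mount is flagged rather than missed.
    raw = opts.get(key) or opts.get("umask") or "0"
    return int(raw, 8)


def audit_esp_mounts(mounts_text):
    """Return (mount_point, file_mode, dir_mode, exposed_to_non_root) tuples."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        _dev, mount_point, fstype, optstr = fields[:4]
        if mount_point not in ESP_MOUNT_POINTS or fstype != "vfat":
            continue
        # "rw" -> ("rw", ""), "fmask=0077" -> ("fmask", "0077")
        opts = dict(o.partition("=")[::2] for o in optstr.split(","))
        file_mode = 0o777 & ~_mask(opts, "fmask")
        dir_mode = 0o777 & ~_mask(opts, "dmask")
        owner_uid = int(opts.get("uid") or "0")
        # Exposed if a non-root user owns the files, or if any
        # group/other permission bit survives the masks.
        exposed = owner_uid != 0 or bool((file_mode | dir_mode) & 0o077)
        findings.append((mount_point, oct(file_mode), oct(dir_mode), exposed))
    return findings


if __name__ == "__main__":
    for mp, fmode, dmode, exposed in audit_esp_mounts(SAMPLE_MOUNTS):
        state = "reachable by non-root" if exposed else "root only"
        print(f"{mp}: files {fmode}, dirs {dmode} -> {state}")
```

On a live system, pass the contents of /proc/self/mounts instead of the sample string.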