Removing writable permissions in squashfs images vs overlayfs
Peter Naulls
peter at chocky.org
Mon Oct 24 06:39:44 PDT 2022
On 10/23/22 23:35, Phillip Lougher wrote:
> On Thu, Oct 20, 2022 at 6:01 PM Peter Naulls <peter at chocky.org> wrote:
> What you probably want is the following
>
> % mksquashfs test test.sqsh -action "chmod(ugo-w)@perm(/ugo+w)"
It is, fantastic, thank you.
I added to include/image.mk:
--- a/include/image.mk
+++ b/include/image.mk
@@ -76,6 +76,7 @@ SQUASHFS_BLOCKSIZE := $(CONFIG_TARGET_SQUASHFS_BLOCK_SIZE)k
SQUASHFSOPT := -b $(SQUASHFS_BLOCKSIZE)
SQUASHFSOPT += -p '/dev d 755 0 0' -p '/dev/console c 600 0 0 5 1'
SQUASHFSOPT += $(if $(CONFIG_SELINUX),-xattrs,-no-xattrs)
+SQUASHFSOPT += -action 'chmod(ugo-w)@perm(/ugo+w)'
SQUASHFSCOMP := gzip
LZMA_XZ_OPTIONS := -Xpreset 9 -Xe -Xlc 0 -Xlp 2 -Xpb 2
ifeq ($(CONFIG_SQUASHFS_XZ),y)
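Review bot: the added SQUASHFSOPT += -action line is unconditional, so every squashfs image built with this include/image.mk has its write bits stripped, while the line directly above it gates its flag with $(if $(CONFIG_SELINUX),-xattrs,-no-xattrs). Consider gating the new option the same way behind a dedicated config symbol (for example a hypothetical CONFIG_TARGET_SQUASHFS_STRIP_WRITE) so the default image is unchanged, and add a short comment above the line saying what 'chmod(ugo-w)@perm(/ugo+w)' does, since the action expression is not self-explanatory in a makefile.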
It sure seems like this could easily be a config option in OpenWrt, either
allowing specific commands here, or some easy presets, or perhaps
platform overrides.
Again, I know this is theater and overlayfs rules here, but it's still important
for my use.