From 4ec97f2b257f5c9ed7cf6f0245212f4e3eb60c1b Mon Sep 17 00:00:00 2001
From: Nick Kralevich
Date: Tue, 8 Jun 2010 14:40:53 -0700
Subject: [PATCH] Mount /dev with noexec and nosuid

Change-Id: Iea182c1e6a72c281abd17bf83ff765bb9cb59270
---
 init/init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/init/init.c b/init/init.c
index 8f95da78f..726b954ab 100755
--- a/init/init.c
+++ b/init/init.c
@@ -673,7 +673,7 @@ int main(int argc, char **argv)
  mkdir("/proc", 0755);
  mkdir("/sys", 0755);
- mount("tmpfs", "/dev", "tmpfs", 0, "mode=0755");
+ mount("tmpfs", "/dev", "tmpfs", MS_NOEXEC | MS_NOSUID, "mode=0755");
  mkdir("/dev/pts", 0755);
  mkdir("/dev/socket", 0755);
  mount("devpts", "/dev/pts", "devpts", 0, NULL);
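Review bot: The hardening stops at the tmpfs itself: the `devpts` mount on the last line of the hunk still passes `0`, and mount flags are not inherited by filesystems mounted underneath, so `/dev/pts` does not get the new flags; for consistency it could read `mount("devpts", "/dev/pts", "devpts", MS_NOEXEC | MS_NOSUID, NULL);`. The return value of the changed `mount()` call is also ignored, so if it fails the following `mkdir` calls land on the root filesystem and the flags silently do not apply; now that the call carries a security property, the result is worth checking. A short comment above the call would record the intent, e.g. `/* noexec + nosuid: nothing under /dev should run or gain privilege; no MS_NODEV because device nodes live here */`. Because noexec also makes the kernel refuse PROT_EXEC mappings of files on that mount, it is worth confirming that no client maps a /dev node executable. main() starts and ends outside the hunk.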