#!/bin/sh
source /lib/functions.sh
source /etc/prplconfig

do_remount_tmp_security() {
# remount /tmp with nosuid,noexec,nodev to reduce attack surface 
# all except noexec come by default
# Also set the size, if provided.
    if [ -n "${CONFIG_SAH_BOARD_CONFIGURATOR_TMPFS_DATA_SIZE}" ]; then
        echo "Remounting /tmp with security options and size ${CONFIG_SAH_BOARD_CONFIGURATOR_TMPFS_DATA_SIZE}"
        mount -o remount,rw,nosuid,noexec,nodev,noatime,size=${CONFIG_SAH_BOARD_CONFIGURATOR_TMPFS_DATA_SIZE} /tmp
        # If the size was invalid, try again without the size argument
        if [ "$?" -ne "0" ]; then
            echo "Mounting /tmp with size ${CONFIG_SAH_BOARD_CONFIGURATOR_TMPFS_DATA_SIZE} failed, remounting without size argument"
            mount -o remount,rw,nosuid,noexec,nodev,noatime /tmp
        fi
    else
        echo "Remounting /tmp with security options"
        mount -o remount,rw,nosuid,noexec,nodev,noatime /tmp
    fi
}

boot_hook_add preinit_main do_remount_tmp_security
