#!/bin/sh
source /lib/functions.sh

do_mount_pstore_security() {
# mount /sys/fs/pstore with nosuid,nodev,noexec to reduce attack surface 
# all except noatime come by default
    if [ -d "/sys/fs/pstore" ]; then
        echo "Mounting /sys/fs/pstore with security options"
        mount -o nosuid,nodev,noexec,noatime -t pstore pstore /sys/fs/pstore
    else
        echo "No need to mount /sys/fs/pstore since it doesn't exist"
    fi
}

boot_hook_add preinit_main do_mount_pstore_security
