pid1: stop making /dev noexecdev-no-noexec

Quoting Andy Lutomirski:
> The upcoming Linux SGX driver has a device node /dev/sgx.  User code opens
> it, does various setup things, mmaps it, and needs to be able to create
> PROT_EXEC mappings.  This gets quite awkward if /dev is mounted noexec.

We already didn't use noexec in spawn, and this extends this behaviour to other
systems.

Afaik, the kernel would refuse execve() on a character or block device
anyway. Thus noexec on /dev matters only for actual binaries copied to /dev,
which requires root privileges in the first place.

We don't do noexec on either /tmp or /dev/shm (because that causes immediate
problems with stuff like Java and cffi). And if you have those two at your
disposal anyway, having noexec on /dev doesn't seem important. So the 'noexec'
attribute on /dev doesn't really mean much, since there are multiple other
similar directories which don't require root privileges to write to.

C.f. https://salsa.debian.org/kernel-team/initramfs-tools/-/commit/33c10ef43b03dc6d9ee09a46c598f6ee34ad0b81.

0 files changed, 0 insertions, 0 deletions