mount-passthrough: Mount using 'noexec'. The only executable mounts in Chrome OS should be the ones covered by Verified boot. BUG=chromium:1139408 TEST=ARC works. Change-Id: Icf8672f6cdd45cd1f309786a6edc7c8cc29b0a79 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform2/+/2481350 Commit-Queue: Jorge Lucangeli Obes <jorgelo@chromium.org> Commit-Queue: Yusuke Sato <yusukes@chromium.org> Commit-Queue: Allen Webb <allenwebb@google.com> Tested-by: Jorge Lucangeli Obes <jorgelo@chromium.org> Auto-Submit: Jorge Lucangeli Obes <jorgelo@chromium.org> Reviewed-by: Yusuke Sato <yusukes@chromium.org> Reviewed-by: Allen Webb <allenwebb@google.com>

commit: 0ce0ea32ee14c329235169026cb3d89ef1d3478c [log] [tgz]
author: Jorge Lucangeli Obes <jorgelo@chromium.org> Fri Oct 16 15:07:22 2020 -0400
committer: Commit Bot <commit-bot@chromium.org> Sat Oct 17 06:10:07 2020 +0000
tree: fe2871adc288b9b26005eb6f7684acf6d72befb0
parent: 38c1828cb0ba0fcd326ee9d89eb6fa5ebd77e950 [diff]
diff --git a/arc/mount-passthrough/mount-passthrough.cc b/arc/mount-passthrough/mount-passthrough.cc
index e5d1a80..c56a7ea 100644
--- a/arc/mount-passthrough/mount-passthrough.cc
+++ b/arc/mount-passthrough/mount-passthrough.cc

@@ -433,6 +433,8 @@
       "direct_io",
       "-o",
       fuse_umask_opt.c_str(),
+      "-o",
+      "noexec",
   };
   int fuse_argc = sizeof(fuse_argv) / sizeof(fuse_argv[0]);
commit	0ce0ea32ee14c329235169026cb3d89ef1d3478c	[log] [tgz]
author	Jorge Lucangeli Obes <jorgelo@chromium.org>	Fri Oct 16 15:07:22 2020 -0400
committer	Commit Bot <commit-bot@chromium.org>	Sat Oct 17 06:10:07 2020 +0000
tree	fe2871adc288b9b26005eb6f7684acf6d72befb0
parent	38c1828cb0ba0fcd326ee9d89eb6fa5ebd77e950 [diff]