File 0270-99base-init-mount-with-sane-defaults.patch of Package dracut

From 0269b775fce0d996bf75f14dc4ac1f28396ac4b2 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Thu, 1 Mar 2012 18:21:11 +0100
Subject: [PATCH] 99base/init: mount with sane defaults

---
 modules.d/99base/init | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules.d/99base/init b/modules.d/99base/init
index 1306d21..b93cb8e 100755
--- a/modules.d/99base/init
+++ b/modules.d/99base/init
@@ -74,14 +74,14 @@ RDDEBUG=""
 mknod -m 0666 /dev/null c 1 3
 
 # mount some important things
-mount -t proc /proc /proc >/dev/null 2>&1
-mount -t sysfs /sys /sys >/dev/null 2>&1
+mount -t proc -o nosuid,noexec,nodev proc /proc >/dev/null 2>&1
+mount -t sysfs -o nosuid,noexec,nodev sysfs /sys >/dev/null 2>&1
 
 if [ ! -c /dev/ptmx ]; then
     # try to mount devtmpfs
-    if ! mount -t devtmpfs -omode=0755 udev /dev >/dev/null 2>&1; then
+    if ! mount -t devtmpfs -o mode=0755,nosuid devtmpfs /dev >/dev/null 2>&1; then
         # if it failed fall back to normal tmpfs
-	mount -t tmpfs -omode=0755 udev /dev >/dev/null 2>&1 
+	mount -t tmpfs -omode=0755,nosuid tmpfs /dev >/dev/null 2>&1 
 	# Make some basic devices first, let udev handle the rest
 	mknod -m 0666 /dev/null c 1 3
 	mknod -m 0666 /dev/ptmx c 5 2
@@ -106,7 +106,7 @@ setdebug
 mkdir /dev/shm
 mkdir /dev/pts
 mount -t devpts -o gid=5,mode=620 devpts /dev/pts >/dev/null 2>&1
-mount -t tmpfs tmpfs /dev/shm >/dev/null 2>&1
+mount -t tmpfs -o mode=1777,nosuid,nodev tmpfs /dev/shm >/dev/null 
 
 UDEVVERSION=$(udevadm --version)
 
-- 
1.8.3.1