From 7bae8ae3536596b702f11bfd3369867b1f5ff9f4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
 <marmarek@invisiblethingslab.com>
Date: Mon, 1 Dec 2014 20:12:45 +0100
Subject: [PATCH] debian: do not give access to host /run

---
 scripts_debian/02_install_groups.sh | 3 ++-
 scripts_debian/04_install_qubes.sh  | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/scripts_debian/02_install_groups.sh b/scripts_debian/02_install_groups.sh
index 5439819..7c1d4ca 100755
--- a/scripts_debian/02_install_groups.sh
+++ b/scripts_debian/02_install_groups.sh
@@ -28,7 +28,8 @@ fi
 # ------------------------------------------------------------------------------
 # Mount system mount points
 # ------------------------------------------------------------------------------
-for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
+for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done
+mount -t tmpfs none "${INSTALLDIR}/run"
 
 # ------------------------------------------------------------------------------
 # Execute any template flavor or sub flavor 'pre' scripts
diff --git a/scripts_debian/04_install_qubes.sh b/scripts_debian/04_install_qubes.sh
index d29b960..6f0d020 100755
--- a/scripts_debian/04_install_qubes.sh
+++ b/scripts_debian/04_install_qubes.sh
@@ -27,7 +27,8 @@ fi
 # ------------------------------------------------------------------------------
 # Mount system mount points
 # ------------------------------------------------------------------------------
-for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
+for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done
+mount -t tmpfs none "${INSTALLDIR}/run"
 
 # ------------------------------------------------------------------------------
 # Execute any template flavor or sub flavor 'pre' scripts