Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-02 11:16:06 -04:00
Code Issues Projects Releases Packages Wiki Activity

remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)

Browse source 
https://forums.whonix.org/t/re-mount-home-and-other-with-noexec-and-nosuid-among-other-useful-mount-options-for-better-security/7707
This commit is contained in:
Patrick Schleizer 2019-12-06 05:14:02 -05:00
parent 8cf5ed990a
commit 470cad6e91
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
3 changed files with 105 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

17
lib/systemd/system/remount-secure.service Normal file
View file

@ -0,0 +1,17 @@
## Copyright (C) 2012 - 2019 ENCRYPTED SUPPORT LP <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
[Unit]
Description=remount /home /tmp /dev/shm /run with nosuid,nodev (default) and noexec (opt-in)
Documentation=https://github.com/Whonix/security-misc
DefaultDependencies=no
Before=sysinit.target
Requires=local-fs.target
After=local-fs.target
[Service]
Type=oneshot
ExecStart=/usr/lib/security-misc/remount-secure
[Install]
WantedBy=sysinit.target