From 5b36599c0ce35857239c82459828db1ec4215411 Mon Sep 17 00:00:00 2001
From: Patrick Schleizer
Date: Fri, 29 Dec 2023 14:57:38 -0500
Subject: [PATCH] /dev/, /dev/shm, /tmp

https://github.com/Kicksecure/security-misc/issues/157#issuecomment-1869073716
---
 usr/share/doc/security-misc/fstab-vm | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/usr/share/doc/security-misc/fstab-vm b/usr/share/doc/security-misc/fstab-vm
index cec3399..e02a087 100644
--- a/usr/share/doc/security-misc/fstab-vm
+++ b/usr/share/doc/security-misc/fstab-vm
@@ -5,9 +5,11 @@ proc /proc proc nofail,defaults 0 0
 /dev /dev devtmpfs nofail,bind,remount,nosuid,noexec 0 0
+#udev /dev devtmpfs defaults,nosuid,noexec 0 0
 ## noexec optional
 /dev/shm /dev/shm tmpfs nofail,nosuid,nodev,noexec 0 0
+#tmpfs /dev/shm tmpfs defaults,nosuid,nodev,noexec 0 0
 ## nodev,nosuid,noexec as per:
 ## https://www.debian.org/doc/manuals/securing-debian-manual/ch04s10.en.html
@@ -19,6 +21,7 @@ proc /proc pr
 ## noexec optional
 /tmp /tmp tmpfs nofail,bind,nosuid,nodev,noexec 0 0
+#tmpfs /tmp tmpfs defaults,nodev,nosuid,noexec 0 0
 /var /var none nofail,bind,nosuid,nodev 0 0
@@ -32,3 +35,6 @@ proc /proc pr
 ## noexec optional
 /home /home none nofail,bind,nosuid,nodev,noexec 0 0
+
+## TODO:
+#/sys