vm-secure: add nodev,noexec,nosuid mount flags (!2947) · Merge requests · GNOME / gnome-build-meta

rose requested to merge axtloss/gnome-build-meta:axtloss/noexec-root into master Jun 13, 2024

Adds the nodev, noexec and nosuid mount flags to the root mounts. To ensure that system flatpak installations still work, a tmpfiles configuration is added which creates /var/lib/flatpak as a subvolume, which then gets mounted with only nodev and nosuid.

vm-secure: add nodev,noexec,nosuid mount flags

Merge request reports