~ruther/guix-local: file-systems: Use ‘no-suid’ and ’no-dev’ for /tmp in the live system.

b71c347e3ca4b4ca5bc2a6b48f7a1d93f9301655 — Ludovic Courtès 7 months ago c52a9ce

file-systems: Use ‘no-suid’ and ’no-dev’ for /tmp in the live system.

* gnu/system/file-systems.scm (%base-live-file-systems): Add ‘flags’.

Change-Id: I873d9cddd4d7c495d7e2daad0d8528c085a96841

patch browse .tar.gz

1 files changed, 2 insertions(+), 1 deletions(-)

M gnu/system/file-systems.scm

M gnu/system/file-systems.scm => gnu/system/file-systems.scm +2 -1

@@ 1,5 1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013-2022 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013-2022, 2025 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2020 Google LLC
 ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
 ;;; Copyright © 2020, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>


@@ 517,6 517,7 @@ TARGET in the other system."
           (mount-point "/tmp")
           (device "none")
           (type "tmpfs")
+          (flags '(no-suid no-dev))
           (check? #f))))
 
 ;; File systems for Linux containers differ from %base-file-systems in that