From b71c347e3ca4b4ca5bc2a6b48f7a1d93f9301655 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
Date: Fri, 29 Aug 2025 11:37:10 +0200
Subject: [PATCH] =?UTF-8?q?file-systems:=20Use=20=E2=80=98no-suid=E2=80=99?=
 =?UTF-8?q?=20and=20=E2=80=99no-dev=E2=80=99=20for=20/tmp=20in=20the=20liv?=
 =?UTF-8?q?e=20system.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* gnu/system/file-systems.scm (%base-live-file-systems): Add ‘flags’.

Change-Id: I873d9cddd4d7c495d7e2daad0d8528c085a96841
---
 gnu/system/file-systems.scm | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index 4ea8237c70def08fa05c0e09bfe1b00bc4f54596..06c89d33eef101a9a9d17296d24aebbcc1dfe8de 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013-2022 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013-2022, 2025 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2020 Google LLC
 ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
 ;;; Copyright © 2020, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
@@ -517,6 +517,7 @@ TARGET in the other system."
           (mount-point "/tmp")
           (device "none")
           (type "tmpfs")
+          (flags '(no-suid no-dev))
           (check? #f))))
 
 ;; File systems for Linux containers differ from %base-file-systems in that