From d47ee10a87835a5a65c3f4b8734dcde1afc0ce16 Mon Sep 17 00:00:00 2001 From: inference Date: Tue, 13 Feb 2024 02:53:22 +0000 Subject: [PATCH] Add `nosuid` to "/boot/" Prevent setting setuid bit on files within the boot device since it holds no userspace executables. --- aa000-0/fstab | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aa000-0/fstab b/aa000-0/fstab index b62dae2..1ff1738 100644 --- a/aa000-0/fstab +++ b/aa000-0/fstab @@ -1,6 +1,6 @@ # Inferencium - aa000-0 # Filesystem Table -# Version: 4.0.0-alpha.7 +# Version: 4.0.0-alpha.8 # Copyright 2023 Jake Winters # SPDX-License-Identifier: BSD-3-Clause @@ -13,7 +13,7 @@ # Local filesystems ## /boot/ -UUID=[REDACTED] /boot/ vfat noauto,noatime,noexec 1 2 +UUID=[REDACTED] /boot/ vfat noauto,noatime,noexec,nosuid 1 2 ## swap /dev/mapper/swap none swap defaults 0 0 ## /