(re-)mount home [and other?] with noexec (and nosuid [among other useful mount options]) for better security?

On the subject of drop-in files for systemd unit files.

Qubes has:

/lib/systemd/system/tmp.mount.d/30_qubes.conf

qubes-core-agent-linux/vm-systemd/tmp.mount.d/30_qubes.conf at master · adrelanos/qubes-core-agent-linux · GitHub

[Mount]
# Default initial size is '50%' (of physical RAM at system startup)
# Because of memory ballooning this happen to be very low number
Options=mode=1777,strictatime,size=1G

Dunno if that works though.

mount | grep -i strictatime

No output.

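A way to check which mount options are actually in effect, as an added example that is not part of the original post or of Qubes. The kernel's mount table never prints `strictatime`; it shows only as the absence of `relatime` and `noatime`, so the check treats it that way. The function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare wanted mount options with the effective ones.
# Input uses the /proc/self/mounts layout: device mountpoint fstype options dump pass

# Constructed sample table (not captured from a real system).
SAMPLE_MOUNTS='tmpfs /tmp tmpfs rw,nosuid,nodev,size=1048576k 0 0
/dev/xvdb /home ext4 rw,relatime,discard 0 0'

# mount_opts MOUNTPOINT < table
# Prints the option string of the last entry on MOUNTPOINT (later mounts shadow earlier ones).
mount_opts() {
    awk -v mp="$1" '$2 == mp { o = $4 } END { if (o != "") print o }'
}

# has_opt OPTS NAME: succeeds if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# missing_opts MOUNTPOINT WANTED... < table
# Prints the wanted options that are not in effect; returns 0 only if none are missing.
missing_opts() {
    mp=$1; shift
    opts=$(mount_opts "$mp")
    [ -n "$opts" ] || { echo "not-mounted"; return 2; }
    missing=
    for want in "$@"; do
        case $want in
            strictatime)
                # Never listed by the kernel: in effect when neither relatime nor noatime is shown.
                if has_opt "$opts" relatime || has_opt "$opts" noatime; then
                    missing="$missing $want"
                fi ;;
            *) has_opt "$opts" "$want" || missing="$missing $want" ;;
        esac
    done
    echo "${missing# }"
    [ -z "$missing" ]
}

# Demo on the constructed table: which hardening options does /home lack?
printf '%s\n' "$SAMPLE_MOUNTS" | missing_opts /home noexec nosuid nodev || true
```

On a live system, feed it the real table instead, for example `missing_opts /tmp strictatime nosuid < /proc/self/mounts`.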