core20
core20 copied to clipboard
static/writable-paths: set safer options for tmpfs mounts
Set safer options for mount points backed by tmpfs, so we make sure that nosuid,nodev are set. The options are the default ones recommended by systemd (see /usr/share/systemd/tmp.mount) and we were actually using them already for /tmp in the initramfs.
I've removed the change for /var/lib/sudo
as anyway that folder can be used only by root.