openstack/ansible-hardening
Code Issues Proposed changes

V-38655: Mount w/noexec exception [docs only]

Browse Source 
Implements: blueprint security-hardening

Change-Id: Ice9dbd1cb2e88bf1b733d1447cff4aaa1bdff37f
This commit is contained in:
Major Hayden
2015-10-09 10:59:53 -05:00
parent 241f6cd074
commit 51b147451e
1 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
doc/source/developer-notes/V-38655.rst Normal file
View File

@@ -0,0 +1,10 @@
**Exception**
Neither Ubuntu nor openstack-ansible will configure any removable media mounts
by default. Deploys are strongly urged to mount any additional disks with the
``noexec`` mount option set.
For more information about the ``noexec`` mount option, review this `good
answer from a ServerFault user about noexec`_.
.. _good answer from a ServerFault user about noexec: http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec