file-systems: Use ‘no-suid’ and ’no-dev’ for /tmp in the live system.

* gnu/system/file-systems.scm (%base-live-file-systems): Add ‘flags’. Change-Id: I873d9cddd4d7c495d7e2daad0d8528c085a96841
author: Ludovic Courtès <ludo@gnu.org> 2025-08-29 11:37:10 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2025-09-17 11:55:14 +0200
commit: b71c347e3ca4b4ca5bc2a6b48f7a1d93f9301655 (patch)
tree: 49820bb031c63a8136c7eef01df7050bc691292a /gnu/system
parent: c52a9cee53db1e16df0c23ec10e352248e5372f8 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index 4ea8237c70d..06c89d33eef 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013-2022 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013-2022, 2025 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2020 Google LLC
 ;;; Copyright © 2020 Jakub Kądziołka <kuba@kadziolka.net>
 ;;; Copyright © 2020, 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
@@ -517,6 +517,7 @@ TARGET in the other system."
           (mount-point "/tmp")
           (device "none")
           (type "tmpfs")
+          (flags '(no-suid no-dev))
           (check? #f))))
 
 ;; File systems for Linux containers differ from %base-file-systems in that
author	Ludovic Courtès <ludo@gnu.org>	2025-08-29 11:37:10 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2025-09-17 11:55:14 +0200
commit	b71c347e3ca4b4ca5bc2a6b48f7a1d93f9301655 (patch)
tree	49820bb031c63a8136c7eef01df7050bc691292a /gnu/system
parent	c52a9cee53db1e16df0c23ec10e352248e5372f8 (diff)