Use nosuid,noexec mount options on devtmpfs
configname: CONFIG_DEVTMPFS_SAFE
Linux Kernel Configuration
└─>Device Drivers
└─>Generic Driver Options
└─>Use nosuid,noexec mount options on devtmpfs
In linux kernel since version 5.2 (release Date: 2019-07-07)
This instructs the kernel to include the MS_NOEXEC and MS_NOSUID mount
flags when mounting devtmpfs.
Notice: If enabled, things like /dev/mem cannot be mmapped
with the PROT_EXEC flag. This can break, for example, non-KMS
video drivers.
flags when mounting devtmpfs.
Notice: If enabled, things like /dev/mem cannot be mmapped
with the PROT_EXEC flag. This can break, for example, non-KMS
video drivers.