X-Git-Url: https://git.ralfj.de/schsh.git/blobdiff_plain/9e146c79ee753130f6cd89009d3b6057f96ca111..c8435c302e51661e0bcf1a1e27da67f0f2eddf32:/schroot/schsh/schsh-hardening?ds=sidebyside

diff --git a/schroot/schsh/schsh-hardening b/schroot/schsh/schsh-hardening
new file mode 100644
index 0000000..077d4cd
--- /dev/null
+++ b/schroot/schsh/schsh-hardening
@@ -0,0 +1,12 @@
+# Describes how to re-mount some filesystems, if they happen to exist
+# Format: Mount-Point <TAB> remount-options
+/				bind,ro,nosuid,noexec
+/bin 			bind,ro,nosuid,nodev
+/lib	 		bind,ro,nosuid,nodev
+/lib64			bind,ro,nosuid,nodev
+/usr/bin 		bind,ro,nosuid,nodev
+/usr/lib		bind,ro,nosuid,nodev
+/usr/lib64		bind,ro,nosuid,nodev
+/usr/share		bind,ro,nosuid,nodev
+/usr/local/bin 	bind,ro,nosuid,nodev
+/data			bind,rw,nosuid,nodev,noexec