Given the fact that upstream systemd intentionally dropped MS_NOEXEC from the /dev mount flags[1], and Debian did something similar[2], I am marking this "Won't Fix" for systemd.
I don't see enough of a reason for Ubuntu to deviate here (at least in src:systemd). If anyone wants to push the case further in systemd, I suggest taking that upstream.

[1] https://github.com/systemd/systemd/commit/4eb105fa4aae30566d23382e8c9430eddf1a3dd4
[2] https://salsa.debian.org/kernel-team/initramfs-tools/-/commit/33c10ef43b03dc6d9ee09a46c598f6ee34ad0b81

** Changed in: systemd (Ubuntu)
       Status: New => Won't Fix

https://bugs.launchpad.net/bugs/1991975

Title:
  dev file system is mounted without nosuid or noexec

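A check for the mount flags this bug is about, added here as an example that is not part of the bug report, of systemd or of Ubuntu: it reads /proc/self/mountinfo (field 6 holds the per-mount flags such as nosuid and noexec) and reports which requested flags a mount point lacks. The function names and the sample mountinfo lines are constructed for the example; on a live system pass /proc/self/mountinfo as the file.

```shell
#!/bin/sh
# Constructed /proc/self/mountinfo excerpt (sample data, not from the bug report).
# Fields: id parent major:minor root mountpoint mount-options [optional...] - fstype source super-options
# /dev here is mounted without nosuid/noexec, the state the bug title describes;
# /dev/shm carries both, for contrast.
SAMPLE_MOUNTINFO='22 1 0:21 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
23 22 0:5 / /dev rw,relatime shared:2 - devtmpfs udev rw,size=8000000k,mode=755
24 23 0:22 / /dev/shm rw,nosuid,nodev,noexec,relatime shared:3 - tmpfs tmpfs rw'
SAMPLE_FILE="$(mktemp)"
printf '%s\n' "$SAMPLE_MOUNTINFO" > "$SAMPLE_FILE"

# Print the per-mount option list (field 6) for MOUNTPOINT from MOUNTINFO_FILE.
# Field 6 is where the kernel's per-mount flags (nosuid, nodev, noexec, ...) live;
# the per-superblock options after the "-" separator are deliberately not consulted.
mount_opts() {
    awk -v mp="$2" '$5 == mp { print $6; exit }' "$1"
}

# Print, space-separated, the requested flags that MOUNTPOINT does not carry.
# An unmounted path has no options, so every requested flag is reported missing.
# Usage: missing_mount_flags MOUNTINFO_FILE MOUNTPOINT FLAG...
missing_mount_flags() {
    file="$1"; mp="$2"; shift 2
    opts="$(mount_opts "$file" "$mp")"
    missing=""
    for want in "$@"; do
        case ",$opts," in
            *",$want,"*) ;;
            *) missing="${missing:+$missing }$want" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Exit 0 when MOUNTPOINT has every requested flag, 1 otherwise (naming what is missing).
# Usage: check_mount_flags MOUNTINFO_FILE MOUNTPOINT FLAG...
check_mount_flags() {
    mp="$2"
    missing="$(missing_mount_flags "$@")"
    if [ -n "$missing" ]; then
        echo "$mp is missing: $missing"
        return 1
    fi
    shift 2
    echo "$mp has: $*"
}

# Sample run: reports "/dev is missing: nosuid noexec" for the constructed data.
check_mount_flags "$SAMPLE_FILE" /dev nosuid noexec || true
```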