RHEL 9 must mount /boot with the nodev option.

An XCCDF Rule

Description

The only legitimate location for device files is the "/dev" directory located on the root partition. The only exception to this is chroot jails.

ID: SV-257860r1044940_rule
Version: RHEL-09-231095
Severity: Medium
References: CCI-001764
Updated: about 2 months ago

Remediation Templates

Modify "/etc/fstab" to use the "nodev" option on the "/boot" directory.