Add nodev Option to /home

Description

The nodev mount option can be used to prevent device files from being created in /home. Legitimate character and block devices should exist only in the /dev directory on the root partition or within chroot jails built for system services. Add the nodev option to the list of Options in the systemd.mount unit that controls mounting of /home.

Rationale

The only legitimate location for device files is the /dev directory located on the root partition. The only exception to this is chroot jails.

ID: xccdf_org.ssgproject.content_rule_mount_option_home_nodev
Severity: Unknown
References: BP28(R12)

SRG-OS-000368-GPOS-00154

CCE-82740-2
Updated: about 1 year ago