From 51b147451e069c2220bcf1eb9b02b55b72e68b5a Mon Sep 17 00:00:00 2001
From: Major Hayden <major@mhtx.net>
Date: Fri, 9 Oct 2015 10:59:53 -0500
Subject: [PATCH] V-38655: Mount w/noexec exception [docs only]

Implements: blueprint security-hardening

Change-Id: Ice9dbd1cb2e88bf1b733d1447cff4aaa1bdff37f
---
 doc/source/developer-notes/V-38655.rst | 10 ++++++++++
 1 file changed, 10 insertions(+)
 create mode 100644 doc/source/developer-notes/V-38655.rst

diff --git a/doc/source/developer-notes/V-38655.rst b/doc/source/developer-notes/V-38655.rst
new file mode 100644
index 00000000..2b363980
--- /dev/null
+++ b/doc/source/developer-notes/V-38655.rst
@@ -0,0 +1,10 @@
+**Exception**
+
+Neither Ubuntu nor openstack-ansible will configure any removable media mounts
+by default. Deploys are strongly urged to mount any additional disks with the
+``noexec`` mount option set.
+
+For more information about the ``noexec`` mount option, review this `good
+answer from a ServerFault user about noexec`_.
+
+.. _good answer from a ServerFault user about noexec: http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec