V-3865{2,4}, V-57569: Mounting filesystems

Implements: blueprint security-hardening

Change-Id: I490ee1d330e2bc0e47321a3c0e8340470ec7d865

doc/source/developer-notes/V-38652.rst

@@ -0,0 +1,5 @@
+**Exception**
+
+Although neither Ubuntu 14.04 or openstack-ansible mount remote filesystems
+by default, deployers are urged to use the ``nodev`` option on any remotely
+mounted filesystems whenever possible.

doc/source/developer-notes/V-38654.rst

@@ -0,0 +1,6 @@
+**Exception**
+
+Although neither Ubuntu 14.04 or openstack-ansible mount remote filesystems
+by default, deployers are urged to use the ``nosuid`` option on any remotely
+mounted filesystems whenever possible.
+

doc/source/developer-notes/V-57569.rst

@@ -0,0 +1,6 @@
+**Exception**
+
+Altering partitions and how they are mounted is left up to the deployer
+to configure during the OS installation process.  Mounting ``/tmp/``
+with the ``noexec`` option is highly recommended to prevent scripts
+or binaries from being executed from ``/tmp``.