From 03d9d3238eea0ddbffb1f3f71983ec4a8b67ce3c Mon Sep 17 00:00:00 2001
From: Krzesimir Nowak
Date: Thu, 14 Sep 2023 18:13:53 +0200
Subject: [PATCH] overlay profiles: Do not install suid binaries from sys-fs/fuse
---
 .../coreos-overlay/profiles/coreos/targets/generic/package.use | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
index a72ba842a9..71dfb579f2 100644
--- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
+++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/generic/package.use
@@ -38,3 +38,6 @@ sys-libs/libseccomp static-libs
 # enable pam
 # no resolutionkms - we provide no graphics
 app-emulation/open-vm-tools -fuse fuse3 -icu pam -resolutionkms
+
+# no suid binaries, please
+sys-fs/fuse -suid
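Review bot: The comment added above `sys-fs/fuse -suid` records the policy but not its consequence, which is what the next maintainer will need when a FUSE mount stops working. With the flag off the fusermount helper is presumably installed without the setuid bit, so mounts initiated by non-root users would fail while root-initiated ones (for example from open-vm-tools, which the context line builds with `fuse3`) should be unaffected; this is worth confirming on a built image. I would expand the comment to something like `# no suid binaries: fusermount is installed without the setuid bit, so only root can mount FUSE filesystems`. The atom carries no slot, so it applies to every sys-fs/fuse slot that defines the flag, but it would have no effect on a slot whose ebuild lacks a `suid` USE flag, so an image-level scan for setuid files is the more reliable way to enforce the policy.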