-
Improve WSL Security with Read-Only Filesystem
By default, all Windows drives are mounted with read & write access (rw) within WSL . Though this is convenient for beginners, it opens up VM shell attacks on your Windows host files.
Instead, we can disable the auto mount feature using
wsl.conf
and selectively add read-only drives inside the WSL VM using/etc/fstab
Overview
- Deactivate “auto mount” in
/etc/wsl.conf
- Enable fstab using
MOUNTfStAB = true
inwsl.conf
- test config files and mounting work well
- reboot the wsl VM to complete the setup
Example WSL Config
wsl.conf
Place this inside the /etc/ directory on the WSL VM
- Deactivate “auto mount” in