Kernel+Base: Mount root as nodev,nosuid

Then bind-mount /dev and /bin while adding back the appropriate permissions :^)

Base/etc/fstab

@@ -1,4 +1,10 @@
-/dev/hda	/	ext2
+# Root file system. This is a fake entry which gets ignored by `mount -a`;
+# the actual logic for mounting root is in the kernel.
+/dev/hda	/	ext2	nodev,nosuid
+# Remount /bin and /dev while adding the appropriate permissions.
+/dev	/dev	bind	bind,nosuid
+/bin	/bin	bind	bind,nodev
+
 proc	/proc	proc	nosuid
 devpts	/dev/pts	devpts	noexec,nosuid
 tmp	/tmp	tmp	nodev,nosuid

Kernel/FileSystem/VirtualFileSystem.cpp

@@ -89,7 +89,7 @@ bool VFS::mount_root(FS& file_system)
         return false;
     }
 
-    Mount mount { file_system, nullptr, 0 };
+    Mount mount { file_system, nullptr, MS_NODEV | MS_NOSUID };
 
     auto root_inode_id = mount.guest().fs()->root_inode();
     auto root_inode = mount.guest().fs()->get_inode(root_inode_id);
@@ -668,7 +668,7 @@ void VFS::sync()
 Custody& VFS::root_custody()
 {
     if (!m_root_custody)
-        m_root_custody = Custody::create(nullptr, "", *m_root_inode, 0);
+        m_root_custody = Custody::create(nullptr, "", *m_root_inode, MS_NODEV | MS_NOSUID);
     return *m_root_custody;
 }