On Thu, Dec 12, 2019 at 04:38:07PM +0000, Dr. David Alan Gilbert (git) wrote:
> From: Stefan Hajnoczi <[email protected]>
>
> Use a mount namespace with the shared directory tree mounted at "/" and
> no other mounts.
>
> This prevents symlink escape attacks because symlink targets are
> resolved only against the shared directory and cannot go outside it.
>
> Signed-off-by: Stefan Hajnoczi <[email protected]>
> Signed-off-by: Peng Tao <[email protected]>
> ---
>  tools/virtiofsd/passthrough_ll.c | 89 ++++++++++++++++++++++++++++++++
>  1 file changed, 89 insertions(+)

Reviewed-by: Daniel P. Berrangé <[email protected]>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
