On Thu, Dec 12, 2019 at 04:38:07PM +0000, Dr. David Alan Gilbert (git) wrote:
> From: Stefan Hajnoczi <stefa...@redhat.com>
>
> Use a mount namespace with the shared directory tree mounted at "/" and
> no other mounts.
>
> This prevents symlink escape attacks because symlink targets are
> resolved only against the shared directory and cannot go outside it.
>
> Signed-off-by: Stefan Hajnoczi <stefa...@redhat.com>
> Signed-off-by: Peng Tao <tao.p...@linux.alibaba.com>
> ---
>  tools/virtiofsd/passthrough_ll.c | 89 ++++++++++++++++++++++++++++++++
>  1 file changed, 89 insertions(+)

Reviewed-by: Daniel P. Berrangé <berra...@redhat.com>

Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|