mirror of https://github.com/proxmox/mirror_qemu
5baa3b8e95
Use a mount namespace with the shared directory tree mounted at "/" and no other mounts. This prevents symlink escape attacks because symlink targets are resolved only against the shared directory and cannot go outside it. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Peng Tao <tao.peng@linux.alibaba.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> |
||
|---|---|---|
| .. | ||
| 50-qemu-virtiofsd.json.in | ||
| Makefile.objs | ||
| buffer.c | ||
| fuse.h | ||
| fuse_common.h | ||
| fuse_i.h | ||
| fuse_log.c | ||
| fuse_log.h | ||
| fuse_lowlevel.c | ||
| fuse_lowlevel.h | ||
| fuse_misc.h | ||
| fuse_opt.c | ||
| fuse_opt.h | ||
| fuse_signals.c | ||
| fuse_virtio.c | ||
| fuse_virtio.h | ||
| helper.c | ||
| passthrough_helpers.h | ||
| passthrough_ll.c | ||