From 770b37ae166a18f495865e96ccafc6f9fb9f4e88 Mon Sep 17 00:00:00 2001 From: Ophestra Date: Sun, 23 Mar 2025 13:57:30 +0900 Subject: [PATCH] sandbox/vfs: match MS_NOSYMFOLLOW flag Signed-off-by: Ophestra --- sandbox/vfs/mountinfo.go | 6 ++++++ sandbox/vfs/mountinfo_test.go | 4 ++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/sandbox/vfs/mountinfo.go b/sandbox/vfs/mountinfo.go index b263412..c834b0e 100644 --- a/sandbox/vfs/mountinfo.go +++ b/sandbox/vfs/mountinfo.go @@ -11,6 +11,10 @@ import ( "syscall" ) +const ( + MS_NOSYMFOLLOW = 0x100 +) + var ( ErrMountInfoFields = errors.New("unexpected field count") ErrMountInfoEmpty = errors.New("unexpected empty field") @@ -75,6 +79,8 @@ func (e *MountInfoEntry) Flags() (flags uintptr, unmatched []string) { flags |= syscall.MS_NODEV case "noexec": flags |= syscall.MS_NOEXEC + case "nosymfollow": + flags |= MS_NOSYMFOLLOW case "noatime": flags |= syscall.MS_NOATIME case "nodiratime": diff --git a/sandbox/vfs/mountinfo_test.go b/sandbox/vfs/mountinfo_test.go index 4863af6..ee43883 100644 --- a/sandbox/vfs/mountinfo_test.go +++ b/sandbox/vfs/mountinfo_test.go @@ -130,7 +130,7 @@ id 20 0:53 / /mnt/test rw,relatime shared:212 - tmpfs rw m(44, 41, 0, 36, "/", "/home/kzak/.gvfs", "rw,nosuid,nodev,relatime", o(), "fuse.gvfs-fuse-daemon", "gvfs-fuse-daemon", "rw,user_id=500,group_id=500", syscall.MS_NOSUID|syscall.MS_NODEV|syscall.MS_RELATIME, nil), m(45, 20, 0, 37, "/", "/var/lib/nfs/rpc_pipefs", "rw,relatime", o(), "rpc_pipefs", "sunrpc", "rw", syscall.MS_RELATIME, nil), m(47, 20, 0, 38, "/", "/mnt/sounds", "rw,relatime", o(), "cifs", "//foo.home/bar/", "rw,unc=\\\\foo.home\\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344", syscall.MS_RELATIME, nil), - m(49, 20, 0, 56, "/", "/mnt/test/foobar", "rw,relatime", o("shared:323"), "tmpfs", "tmpfs", "rw", syscall.MS_RELATIME, nil), + m(49, 20, 0, 56, "/", "/mnt/test/foobar", "rw,relatime,nosymfollow", o("shared:323"), "tmpfs", "tmpfs", "rw", syscall.MS_RELATIME|vfs.MS_NOSYMFOLLOW, nil), }, nil, nil}, {"sample nosrc", sampleMountinfoNoSrc, nil, "", []*wantMountInfo{ @@ -392,7 +392,7 @@ const ( 44 41 0:36 / /home/kzak/.gvfs rw,nosuid,nodev,relatime - fuse.gvfs-fuse-daemon gvfs-fuse-daemon rw,user_id=500,group_id=500 45 20 0:37 / /var/lib/nfs/rpc_pipefs rw,relatime - rpc_pipefs sunrpc rw 47 20 0:38 / /mnt/sounds rw,relatime - cifs //foo.home/bar/ rw,unc=\\foo.home\bar,username=kzak,domain=SRGROUP,uid=0,noforceuid,gid=0,noforcegid,addr=192.168.111.1,posixpaths,serverino,acl,rsize=16384,wsize=57344 -49 20 0:56 / /mnt/test/foobar rw,relatime shared:323 - tmpfs tmpfs rw` +49 20 0:56 / /mnt/test/foobar rw,relatime,nosymfollow shared:323 - tmpfs tmpfs rw` sampleMountinfoNoSrc = `15 20 0:3 / /proc rw,relatime - proc /proc rw 16 20 0:15 / /sys rw,relatime - sysfs /sys rw