On Thu, Jan 30, 2020 at 05:27:50PM -0700, Ross Zwisler wrote:
> For mounts that have the new "nosymfollow" option, don't follow
> symlinks when resolving paths. The new option is similar in spirit to
> the existing "nodev", "noexec", and "nosuid" options. Various BSD
> variants have been supporting the "nosymfollow" mount option for a
> long time with equivalent implementations.
>
> Note that symlinks may still be created on file systems mounted with
> the "nosymfollow" option present. readlink() remains functional, so
> user space code that is aware of symlinks can still choose to follow
> them explicitly.
>
> Setting the "nosymfollow" mount option helps prevent privileged
> writers from modifying files unintentionally in case there is an
> unexpected link along the accessed path. The "nosymfollow" option is
> thus useful as a defensive measure for systems that need to deal with
> untrusted file systems in privileged contexts.

The openat2 series was just merged yesterday which includes a
LOOKUP_NO_SYMLINKS option. Is this enough for your needs, or do you
need the mount option?

https://lore.kernel.org/linux-fsdevel/20200129142709.GX23230@xxxxxxxxxxxxxxxxxx/
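Added example, not part of the original message or the kernel patch: the per-call alternative discussed above, where a privileged writer asks openat2() to refuse any symlink along the path instead of relying on a mount option. User space requests this through the `resolve` field of `struct open_how` with `RESOLVE_NO_SYMLINKS` (`LOOKUP_NO_SYMLINKS` is the in-kernel lookup flag). The names `open_no_symlinks`, `demo`, the `EX_`/`ex_` definitions and the temporary directory layout are constructed for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>
/* uapi values from linux/openat2.h, repeated so this builds with older headers */
#ifndef SYS_openat2
#define SYS_openat2 437
#endif
#define EX_RESOLVE_NO_SYMLINKS 0x04
struct ex_open_how { uint64_t flags, mode, resolve; };

/* Open path under dirfd; fails with ELOOP if any component is a symlink. */
int open_no_symlinks(int dirfd, const char *path, int flags)
{
    struct ex_open_how how = { .flags = (uint64_t)flags,
                               .resolve = EX_RESOLVE_NO_SYMLINKS };
    return (int)syscall(SYS_openat2, dirfd, path, &how, sizeof(how));
}

/* Constructed layout: <tmp>/real/file plus <tmp>/link -> real.
 * Returns 0 when real/file opens and link/file is refused with ELOOP,
 * ENOSYS or EPERM when openat2 is unavailable here, -1 otherwise. */
int demo(void)
{
    char tmpl[] = "/tmp/nosymXXXXXX";
    if (!mkdtemp(tmpl)) return -1;
    int dir = open(tmpl, O_RDONLY | O_DIRECTORY);
    if (dir < 0 || mkdirat(dir, "real", 0700) || symlinkat("real", dir, "link"))
        return -1;
    close(openat(dir, "real/file", O_CREAT | O_WRONLY, 0600));
    int ok = open_no_symlinks(dir, "real/file", O_RDONLY), ok_errno = errno;
    int bad = open_no_symlinks(dir, "link/file", O_RDONLY), bad_errno = errno;
    unlinkat(dir, "real/file", 0);
    unlinkat(dir, "link", 0);
    unlinkat(dir, "real", AT_REMOVEDIR);
    rmdir(tmpl);
    if (ok >= 0) close(ok);
    if (bad >= 0) close(bad);
    close(dir);
    if (ok < 0) return (ok_errno == ENOSYS || ok_errno == EPERM) ? ok_errno : -1;
    return (bad < 0 && bad_errno == ELOOP) ? 0 : -1;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```

Unlike the mount option, this only protects callers that opt in on each open, so existing privileged programs that use plain open() on the untrusted file system are not covered.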