On 2020-11-13, Igor Zhbanov <izh1979@xxxxxxxxx> wrote:
> I want to implement 2 new mount options: "no_symlink" and "no_new_symlink".
> The "nosymlink" option will act like "nodev", i.e. it will ignore all created
> symbolic links.

nosymlink has already been implemented (though the name "nosymfollow" was
used to match that corresponding FreeBSD mount option) by Ross Zwisler and
is in Al's tree[1].

> And the option "no_new_symlink" is for more relaxed configuration. It will
> allow to follow already existing symbolic links but forbid to create new.
> It could be useful to remount filesystem after system upgrade with this option.

This seems less generally useful than nosymfollow and it doesn't really
match any other inode-type-blocking mount options. You could also
implement this using existing facilities (seccomp and AppArmor), so I'm
not sure much is gained by making this a separate mount option.

[1]: https://lkml.kernel.org/lkml/20200827201015.GC1236603@xxxxxxxxxxxxxxxxxx/

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>