author Lennart Poettering <lennart@poettering.net> 2024-11-01 10:03:26 +0100
committer Lennart Poettering <lennart@poettering.net> 2024-11-01 10:05:53 +0100
commit 4c9c8b8d09eff18df71ba4aa910df4201f9890a0
tree a933595636eabb051fa8f3a0835befd058e0a29e /src/oom
parent coredump: rework protocol between coredump pattern handler and processing ser...
coredump: lock down EnterNamespace= mount even more
Let's disable symlink following if we attach a container's mount tree to our own mount namespace. We after all mount the tree to a different location in the mount tree than where it was inside the container, hence symlinks (if they exist) will all point to the wrong places (even if relative, some might point to other places). And since symlink attacks are a thing, and we let libdw operate on the tree, let's lock this down as much as we can and simply disable symlink traversal entirely.
Diffstat (limited to 'src/oom')
0 files changed, 0 insertions, 0 deletions