app/seal: skip /mnt in permissive default

This directory usually contains temporarily mounted stuff and shouldn't get into the sandbox.

Signed-off-by: Ophestra Umiker <cat@ophivana.moe>
Ophestra Umiker 2024-10-13 00:07:48 +09:00
parent b091260fd3
commit c818ea649a
Signed by: cat
SSH Key Fingerprint: SHA256:gQ67O0enBZ7UdZypgtspB2FDM1g3GVw8nX0XSdcFw8Q
1 changed files with 1 additions and 0 deletions


@ -134,6 +134,7 @@ func (a *app) Seal(config *Config) error {
case "proc": case "proc":
case "dev": case "dev":
case "run": case "run":
case "mnt":
default: default:
p := "/" + name p := "/" + name
b = append(b, &FilesystemConfig{Src: p, Write: true, Must: true}) b = append(b, &FilesystemConfig{Src: p, Write: true, Must: true})
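Review bot: The skip list in this switch works as a denylist, so any root entry it does not name still reaches `default` and is bound into the sandbox with `Write: true, Must: true`. The added `case "mnt":` excludes one conventional mount point, but `/media`, which the FHS reserves for removable media, would still get a writable bind unless it is already listed above the hunk. If it is not, `case "mnt", "media":` would cover both. The empty cases also give no reason for each exclusion; a comment on the group such as `// transient host mount points: keep mounted volumes out of the sandbox` would record the intent for whoever extends the list. Seal and the switch both begin outside the hunk, so the earlier cases could not be checked here.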