diff options
| author | Lennart Poettering <lennart@poettering.net> | 2023-03-07 10:18:09 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-03-09 21:56:42 +0100 |
| commit | 254e392e73bd47ebc85b651bc9a91b53e987d1ae (patch) | |
| tree | 1cd40493825d72a6ade6890db7e6cd71748912cd /src/shared/dissect-image.h | |
| parent | c571dee74bf5bea67bbe94e3734d19b1092765dd (diff) | |
| download | systemd-254e392e73bd47ebc85b651bc9a91b53e987d1ae.tar.gz | |
dissect-image: set MS_NOSYMFOLLOW for ESP/XBOOTLDR
When we mount a DDI, let's set MS_NOSYMFOLLOW for ESP/XBOOTLDR. They are
generally untrusted territory, (i.e. outside of
encryption/authentication via dm-crypt/dm-verity). Moreover they are
generally FAT, where symlinks don't exist anyway. Let's hence disable
symlinks for them.
This slightly refactors how we put together mount options for mounts,
splitting this out into a new helper call
dissected_partition_pick_options(), which we should be able to reuse
later in gpt-auto-generator, to ensure mounts via loopback as DDI and
those on bare metal get the same options.
Diffstat (limited to 'src/shared/dissect-image.h')
| -rw-r--r-- | src/shared/dissect-image.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/shared/dissect-image.h b/src/shared/dissect-image.h index ff69ec4539..2e741e8267 100644 --- a/src/shared/dissect-image.h +++ b/src/shared/dissect-image.h @@ -194,6 +194,8 @@ int dissect_fstype_ok(const char *fstype); int probe_sector_size(int fd, uint32_t *ret); int probe_sector_size_prefer_ioctl(int fd, uint32_t *ret); +int partition_pick_mount_options(PartitionDesignator d, const char *fstype, bool rw, bool discard, char **ret_options, unsigned long *ret_ms_flags); + static inline const char *dissected_partition_fstype(const DissectedPartition *m) { assert(m); |