From bf1cd6bdce92d5aa01387aa416bc1b9d792ff0de Mon Sep 17 00:00:00 2001
From: Jiri Kalvoda <jirikalvoda@kam.mff.cuni.cz>
Date: Mon, 25 Sep 2023 09:55:48 +0200
Subject: [PATCH] mount with nosymfollow

Fixing security bug when operating untrusted vms
---
 vm.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/vm.py b/vm.py
index c4e8e92..e3c014a 100755
--- a/vm.py
+++ b/vm.py
@@ -317,7 +317,7 @@ def create_from_img(ucred: Ucred, target: str, new_ssh: bool = True, target_name
 
     mount_dir = target_dir+"mount/"
     os.mkdir(mount_dir)
-    r('mount', '-o', 'loop,offset=210763776', '--type', 'ext4', target_dir+'img', mount_dir)
+    r('mount', '-o', 'nosymfollow,loop,offset=210763776', '--type', 'ext4', target_dir+'img', mount_dir)
     try:
         with open(mount_dir+"/etc/hostname", "w") as f: f.write(target_name+"\n")
         if new_ssh:
-- 
GitLab