Skip to content
/ securefs Public

Secure Linux file system operations scoped to an arbitrary root directory, without chroot

License

MIT license
35 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

orbstack/securefs

1 Branch0 Tags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

kdrag0nkdrag0n
Fix typo
Jul 28, 2023
d10dc69 · Jul 28, 2023

History

3 Commits
internal/syncx
internal/syncx
Jul 24, 2023
LICENSE
LICENSE
Jul 24, 2023
README.md
README.md
Jul 28, 2023
go.mod
go.mod
Jul 24, 2023
go.sum
go.sum
Jul 24, 2023
securefs.go
securefs.go
Jul 24, 2023
securefs_test.go
securefs_test.go
Jul 24, 2023

Repository files navigation

securefs

Go library for secure file system operations scoped to an arbitrary root directory on Linux, without chroot, mount namespaces, or other privileged features.

This uses the Linux-specific openat2 syscall with RESOLVE_IN_ROOT to prevent symlink escapes and race conditions. Other solutions like securejoin are subject to race conditions.

Unlike O_NOFOLLOW, this supports all file system operations and works with symlinks (as long as they don't escape the specified root directory).

About

Secure Linux file system operations scoped to an arbitrary root directory, without chroot

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

35 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages