Mount authfs with noexec Since there's currently no demand to execute code over authfs. Bug: 220931440 Test: TH Change-Id: I826b320bdb6453c4977a9ad7c1c1393b8ba25251

commit: bbac5198dc94094b3aa5f8b39ef74be6d3e1cabb [log] [tgz]
author: Victor Hsieh <victorhsieh@google.com> Tue Feb 22 23:54:32 2022 +0000
committer: Victor Hsieh <victorhsieh@google.com> Tue Feb 22 23:56:29 2022 +0000
tree: a439b48aa76554b1dca60cfdb959f9771c0e7ab8
parent: 6315c84302a7ad81bea1b85dacaf67bb6a8eae19 [diff]
diff --git a/authfs/src/fusefs/mount.rs b/authfs/src/fusefs/mount.rs
index e7f8c94..294c6b1 100644
--- a/authfs/src/fusefs/mount.rs
+++ b/authfs/src/fusefs/mount.rs

@@ -53,8 +53,13 @@
         mount_options.push(MountOption::Extra(value));
     }
 
-    fuse::mount(mountpoint, "authfs", libc::MS_NOSUID | libc::MS_NODEV, &mount_options)
-        .expect("Failed to mount fuse");
+    fuse::mount(
+        mountpoint,
+        "authfs",
+        libc::MS_NOSUID | libc::MS_NODEV | libc::MS_NOEXEC,
+        &mount_options,
+    )
+    .expect("Failed to mount fuse");
 
     fuse::worker::start_message_loop(dev_fuse, MAX_WRITE_BYTES, MAX_READ_BYTES, authfs)
 }
commit	bbac5198dc94094b3aa5f8b39ef74be6d3e1cabb	[log] [tgz]
author	Victor Hsieh <victorhsieh@google.com>	Tue Feb 22 23:54:32 2022 +0000
committer	Victor Hsieh <victorhsieh@google.com>	Tue Feb 22 23:56:29 2022 +0000
tree	a439b48aa76554b1dca60cfdb959f9771c0e7ab8
parent	6315c84302a7ad81bea1b85dacaf67bb6a8eae19 [diff]