From 2118ed49dcf6adf60c6c544667dbf71c54239b86 Mon Sep 17 00:00:00 2001
From: Thomas Blume <Thomas.Blume@suse.com>
Date: Fri, 16 May 2025 14:27:10 +0200
Subject: [PATCH] Don't allow suid and dev set on fs resize

Fixes: CVE-2025-6019
---
 src/plugins/fs/generic.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/plugins/fs/generic.c b/src/plugins/fs/generic.c
index ca08d19a..15b55271 100644
--- a/src/plugins/fs/generic.c
+++ b/src/plugins/fs/generic.c
@@ -409,7 +409,7 @@ static gboolean xfs_resize_device (const gchar *device, guint64 new_size, const
                              "before resizing it.", device);
                 return FALSE;
             }
-            ret = bd_fs_mount (device, mountpoint, "xfs", NULL, NULL, error);
+            ret = bd_fs_mount (device, mountpoint, "xfs", "nosuid,nodev", NULL, error);
             if (!ret) {
                 g_prefix_error (error, "Failed to mount '%s' before resizing it: ", device);
                 return FALSE;
-- 
2.49.0