translation/Protocol: add packet MOUNT_TMP_TMPFS_EXEC

MaxKellermann · MaxKellermann · commit bcdfa8ad985a · 2026-03-02T08:05:27.000+01:00
diff --git a/debian/changelog b/debian/changelog
@@ -1,5 +1,6 @@
 cm4all-beng-proxy (21.16) unstable; urgency=low
 
+  * translation: add packet MOUNT_TMP_TMPFS_EXEC
   * systemd: start daemons with MALLOC_ARENA_MAX=4
   * fix build failure after CURL 8.19 API change
 
diff --git a/doc/translation.rst b/doc/translation.rst
@@ -1220,6 +1220,10 @@ described in this section.
   payload may specify additional ``tmpfs`` mount options such as
   ``size=64M``.
 
+  By default, code execution from this filesystem is disabled via
+  ``MS_NOEXEC``.  A follow-up ``MOUNT_TMP_TMPFS_EXEC`` packet disables
+  this behavior, i.e. allows executing code from this ``tmpfs``.
+
 - ``MOUNT_TMPFS`` mounts a new (user-writable) ``tmpfs`` on the given
   path. This is private to the namespace and is deleted when the
   process exits.
diff --git a/libcommon b/libcommon
@@ -1 +1 @@
-Subproject commit 643cc18a25043aeb196d6b37c3e40259d517332a
+Subproject commit 60fc660afaf5f2a657fae7d0f9951cee3407f8ca
diff --git a/python/beng_proxy/translation/protocol.py b/python/beng_proxy/translation/protocol.py
@@ -282,6 +282,7 @@
 TRANSLATE_PEEK = 276
 TRANSLATE_ALLOW_PTRACE = 277
 TRANSLATE_ACCESS_CONTROL_ALLOW_ALL = 278
+TRANSLATE_MOUNT_TMP_TMPFS_EXEC = 279
 
 TRANSLATE_PROXY = TRANSLATE_HTTP # deprecated
 TRANSLATE_LHTTP_EXPAND_URI = TRANSLATE_EXPAND_LHTTP_URI # deprecated
