emacs-diffs
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

master cf0701e 1/2: * lib-src/seccomp-filter.c (main): Also allow O_NOFO

From: Philipp Stephani
Subject: master cf0701e 1/2: * lib-src/seccomp-filter.c (main): Also allow O_NOFOLLOW.
Date: Sun, 11 Apr 2021 15:19:27 -0400 (EDT) 
branch: master
commit cf0701eff0f3b06e0324be07f7810cbaf261f7f3
Author: Philipp Stephani <phst@google.com>
Commit: Philipp Stephani <phst@google.com>

    * lib-src/seccomp-filter.c (main): Also allow O_NOFOLLOW.
---
 lib-src/seccomp-filter.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index 9d25a5f..a5f2e0a 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -241,12 +241,12 @@ main (int argc, char **argv)
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (open),
         SCMP_A1_32 (SCMP_CMP_MASKED_EQ,
                     ~(O_RDONLY | O_BINARY | O_CLOEXEC | O_PATH
-                      | O_DIRECTORY),
+                      | O_DIRECTORY | O_NOFOLLOW),
                     0));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (openat),
         SCMP_A2_32 (SCMP_CMP_MASKED_EQ,
                     ~(O_RDONLY | O_BINARY | O_CLOEXEC | O_PATH
-                      | O_DIRECTORY),
+                      | O_DIRECTORY | O_NOFOLLOW),
                     0));
 
   /* Allow `tcgetpgrp'.  */
reply via email to
[Prev in Thread] Current Thread [Next in Thread]