projects / emacs.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9a57897)
* lib-src/seccomp-filter.c (main): Also allow O_NOFOLLOW.
authorPhilipp Stephani <phst@google.com>
Sun, 11 Apr 2021 19:14:09 +0000 (21:14 +0200)
committerPhilipp Stephani <phst@google.com>
Sun, 11 Apr 2021 19:14:41 +0000 (21:14 +0200)
lib-src/seccomp-filter.c patch | blob | history

diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index 9d25a5fe142649031474fc54fae4d199b65f5e9d..a5f2e0adbca9ff90eda756c488f7539d97081a2d 100644 (file)
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -241,12 +241,12 @@ main (int argc, char **argv)
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (open),
         SCMP_A1_32 (SCMP_CMP_MASKED_EQ,
                     ~(O_RDONLY | O_BINARY | O_CLOEXEC | O_PATH
-                      | O_DIRECTORY),
+                      | O_DIRECTORY | O_NOFOLLOW),
                     0));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (openat),
         SCMP_A2_32 (SCMP_CMP_MASKED_EQ,
                     ~(O_RDONLY | O_BINARY | O_CLOEXEC | O_PATH
-                      | O_DIRECTORY),
+                      | O_DIRECTORY | O_NOFOLLOW),
                     0));
 
   /* Allow `tcgetpgrp'.  */
Unnamed repository; edit this file 'description' to name the repository.