[lxc-devel] [lxc/master] file_utils: use O_NOCTTY | O_NOFOLLOW
brauner on Github
lxc-bot at linuxcontainers.org
Mon Dec 9 10:21:09 UTC 2019
From ef6d231f8b4c8e1cab7d3d764ec3a96d776d73e1 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Mon, 9 Dec 2019 11:20:29 +0100
Subject: [PATCH] file_utils: use O_NOCTTY | O_NOFOLLOW
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/file_utils.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c
index cb7e9c84f9..b6003a3a5c 100644
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -44,7 +44,8 @@ int lxc_writeat(int dirfd, const char *filename, const void *buf, size_t count)
__do_close_prot_errno int fd = -EBADF;
ssize_t ret;
- fd = openat(dirfd, filename, O_WRONLY | O_CLOEXEC);
+ fd = openat(dirfd, filename,
+ O_WRONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
if (fd < 0)
return -1;
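Review bot: `O_NOFOLLOW` on the `openat()` call in lxc_writeat only refuses a symlink in the final component of `filename`; any earlier component relative to `dirfd` is still resolved through symlinks, so the flag alone does not confine the write beneath `dirfd`. The same applies to `dir` in the `open()` call of lxc_write_openat in the next hunk. If callers can pass multi-component names, state the limit above the call, e.g. `/* O_NOFOLLOW only guards the last path component; dirfd and any leading components must already be trusted. */`. lxc_writeat's body continues outside the hunk, so the write path itself is not visible here.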
@@ -60,7 +61,7 @@ int lxc_write_openat(const char *dir, const char *filename, const void *buf,
{
__do_close_prot_errno int dirfd = -EBADF;
- dirfd = open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
+ dirfd = open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
if (dirfd < 0)
return -1;
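Review bot: Combining `O_NOFOLLOW` with `O_DIRECTORY` makes the `open(dir, ...)` in lxc_write_openat fail whenever `dir` itself is a symlink to a directory, and the caller only sees `-1`. The callers are not visible in this hunk, so it is worth confirming that none of them pass a symlinked directory; cgroup v1 layouts, for example, commonly expose controller directories as symlinks. A comment such as `/* Refuses a symlinked dir: callers must pass the resolved directory path. */` would make the new contract explicit. The flag list could also be wrapped the way the `openat()` call in lxc_writeat is, to keep the two calls visually consistent.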