shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-02-02 09:47:03 +03:00
Code

loop-util: open lock fd read-only

Browse Source 
flock(2) works with file descriptors opened with O_RDONLY.

This affects SELinux systems where access to block devices is quite
restricted to avoid bypasses on filesystem objects.
This commit is contained in:
Christian Göttsche 2022-11-04 19:36:31 +01:00 committed by Luca Boccassi
parent c826b7ef32
commit 3e6b7d2626
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/shared/loop-util.c
View File

@ -77,7 +77,7 @@ static int open_lock_fd(int primary_fd, int operation) {
assert(primary_fd >= 0);
assert(IN_SET(operation & ~LOCK_NB, LOCK_SH, LOCK_EX));
lock_fd = fd_reopen(primary_fd, O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
lock_fd = fd_reopen(primary_fd, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
if (lock_fd < 0)
return lock_fd;