From 4059c1a0931acb5aba89b050fe1f42eaf11bec77 Mon Sep 17 00:00:00 2001
From: "Albert S."
Date: Fri, 24 May 2024 13:25:01 +0200
Subject: [PATCH] landlock_prepare_ruleset(): zero-init landlock structs

'landlock_ruleset_attr' used to only have a single member. Meanwhile, depending on linux/headers version, others may be present. So zero-init the struct, as otherwise we might get 'Invalid argument' return codes, as those we do not explicitly initialize might contain garbage values.
---
 exile.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/exile.c b/exile.c
index a8f029d..b9ff33c 100644
--- a/exile.c
+++ b/exile.c
@@ -1307,7 +1307,7 @@ static unsigned int exile_flags_to_landlock(unsigned int flags, int statmode)
 static int landlock_prepare_ruleset(struct exile_path_policy *policies)
 {
  int ruleset_fd = -1;
- struct landlock_ruleset_attr ruleset_attr;
+ struct landlock_ruleset_attr ruleset_attr = {0};
  /* We here want the maximum possible ruleset, so set the var to the max possible bitmask.
  Stolen/Adapted from: [linux src]/security/landlock/limits.h
  */
@@ -1322,7 +1322,7 @@ static int landlock_prepare_ruleset(struct exile_path_policy *policies)
  struct exile_path_policy *policy = policies;
  while(policy != NULL)
  {
- struct landlock_path_beneath_attr path_beneath;
+ struct landlock_path_beneath_attr path_beneath = {0};
  path_beneath.parent_fd = open(policy->path, O_PATH | O_CLOEXEC);
  if(path_beneath.parent_fd < 0)
  {
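Review bot: Both `= {0}` initialisers (on `ruleset_attr` at the top of `landlock_prepare_ruleset()`, and on `path_beneath` inside the `while` loop) have a kernel-ABI reason that is recorded only in the commit message, so a later cleanup could drop them as redundant. I would add a short comment at each, for example `/* zero-init: newer linux/landlock.h may add members; any we leave unset must be 0 or the kernel rejects the struct */`. Because the failure described is the Landlock setup call returning 'Invalid argument', it is also worth confirming in the part of the function outside these hunks that such an error aborts sandbox setup rather than letting the process continue unconfined. The function body continues beyond both hunks, so that error path is not visible here.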