crtxcr/exile.h
1
0
Fork 0
Code Issues 14 Pull Requests 1 Releases Wiki Activity

landlock_prepare_ruleset(): zero-init landlock structs

Browse Source 
'landlock_ruleset_attr' used to only have a single member. Meanwhile,
depending on linux/headers version, others may be present. So zero-init
the struct, as otherwise we might get 'Invalid argument' return codes,
as those we do not explicitly initialize might contain garbage values.
This commit is contained in:
Albert S.
2024-05-24 13:25:01 +02:00
parent 44b9a17bec
commit 4059c1a093
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
exile.c
View File

@@ -1307,7 +1307,7 @@ static unsigned int exile_flags_to_landlock(unsigned int flags, int statmode)
static int landlock_prepare_ruleset(struct exile_path_policy *policies) static int landlock_prepare_ruleset(struct exile_path_policy *policies)
{ {
int ruleset_fd = -1; int ruleset_fd = -1;
struct landlock_ruleset_attr ruleset_attr; struct landlock_ruleset_attr ruleset_attr = {0};
/* We here want the maximum possible ruleset, so set the var to the max possible bitmask. /* We here want the maximum possible ruleset, so set the var to the max possible bitmask.
Stolen/Adapted from: [linux src]/security/landlock/limits.h Stolen/Adapted from: [linux src]/security/landlock/limits.h
*/ */
@@ -1322,7 +1322,7 @@ static int landlock_prepare_ruleset(struct exile_path_policy *policies)
struct exile_path_policy *policy = policies; struct exile_path_policy *policy = policies;
while(policy != NULL) while(policy != NULL)
{ {
struct landlock_path_beneath_attr path_beneath; struct landlock_path_beneath_attr path_beneath = {0};
path_beneath.parent_fd = open(policy->path, O_PATH | O_CLOEXEC); path_beneath.parent_fd = open(policy->path, O_PATH | O_CLOEXEC);
if(path_beneath.parent_fd < 0) if(path_beneath.parent_fd < 0)
{ {