landlock_prepare_ruleset(): zero-init landlock structs
'landlock_ruleset_attr' used to only have a single member. Meanwhile, depending on linux/headers version, others may be present. So zero-init the struct, as otherwise we might get 'Invalid argument' return codes, as those we do not explicitly initialize might contain garbage values.
This commit is contained in:
parent
44b9a17bec
commit
4059c1a093
4
exile.c
4
exile.c
@ -1307,7 +1307,7 @@ static unsigned int exile_flags_to_landlock(unsigned int flags, int statmode)
|
||||
static int landlock_prepare_ruleset(struct exile_path_policy *policies)
|
||||
{
|
||||
int ruleset_fd = -1;
|
||||
struct landlock_ruleset_attr ruleset_attr;
|
||||
struct landlock_ruleset_attr ruleset_attr = {0};
|
||||
/* We here want the maximum possible ruleset, so set the var to the max possible bitmask.
|
||||
Stolen/Adapted from: [linux src]/security/landlock/limits.h
|
||||
*/
|
||||
@ -1322,7 +1322,7 @@ static int landlock_prepare_ruleset(struct exile_path_policy *policies)
|
||||
struct exile_path_policy *policy = policies;
|
||||
while(policy != NULL)
|
||||
{
|
||||
struct landlock_path_beneath_attr path_beneath;
|
||||
struct landlock_path_beneath_attr path_beneath = {0};
|
||||
path_beneath.parent_fd = open(policy->path, O_PATH | O_CLOEXEC);
|
||||
if(path_beneath.parent_fd < 0)
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user