From ea66ef76ebb88a43ac25c9a86f8fcab8efa130b2 Mon Sep 17 00:00:00 2001
From: Albert S
Date: Thu, 17 Mar 2022 15:42:57 +0100
Subject: [PATCH] exile_flags_to_landlock(): Cover more with ALL_WRITE, except devices More consistent with mount(), where MS_NODEV disallows those. We may need to introduce a flag that simply allows everything
---
 exile.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/exile.c b/exile.c
index c06903f..32bc761 100644
--- a/exile.c
+++ b/exile.c
@@ -1208,9 +1208,12 @@ static unsigned int exile_flags_to_landlock(unsigned int flags, int statmode)
 result |= LANDLOCK_ACCESS_FS_WRITE_FILE;
 if(S_ISDIR(statmode))
 {
- result |= LANDLOCK_ACCESS_FS_REMOVE_FILE;
- result |= LANDLOCK_ACCESS_FS_MAKE_REG;
 result |= LANDLOCK_ACCESS_FS_REMOVE_DIR;
+ result |= LANDLOCK_ACCESS_FS_REMOVE_FILE;
+ result |= LANDLOCK_ACCESS_FS_MAKE_DIR;
+ result |= LANDLOCK_ACCESS_FS_MAKE_FIFO;
+ result |= LANDLOCK_ACCESS_FS_MAKE_REG;
+ result |= LANDLOCK_ACCESS_FS_MAKE_SOCK;
 result |= LANDLOCK_ACCESS_FS_MAKE_SYM;
 }
 }
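Review bot: The S_ISDIR branch now grants MAKE_DIR, MAKE_FIFO and MAKE_SOCK under the ALL_WRITE flag, but nothing in the code records that LANDLOCK_ACCESS_FS_MAKE_CHAR and LANDLOCK_ACCESS_FS_MAKE_BLOCK are left out on purpose; that rationale exists only in the commit message. I would add a comment above the block such as `/* Device nodes (MAKE_CHAR, MAKE_BLOCK) are deliberately not granted, mirroring MS_NODEV */` so that a later edit does not "complete" the list. Existing policies that pass this flag silently gain the right to create sockets, FIFOs and directories beneath the path, so the flag's documentation should state the wider grant. Whether device creation is actually denied presumably depends on the ruleset's handled-access mask including those two rights, which is set up outside this hunk, as are the start and end of exile_flags_to_landlock().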