exile_flags_to_landlock(): Cover more with ALL_WRITE, except devices
This is more consistent with mount(), where MS_NODEV disallows those. We may need to introduce a flag that simply allows everything.
コミット
ea66ef76eb
7
exile.c
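--- a/exile.c
+++ b/exile.c
@@ -1208,9 +1208,12 @@ static unsigned int exile_flags_to_landlock(unsigned int flags, int statmode)
 result |= LANDLOCK_ACCESS_FS_WRITE_FILE;
 if(S_ISDIR(statmode))
 {
-result |= LANDLOCK_ACCESS_FS_REMOVE_FILE;
-result |= LANDLOCK_ACCESS_FS_MAKE_REG;
 result |= LANDLOCK_ACCESS_FS_REMOVE_DIR;
+result |= LANDLOCK_ACCESS_FS_REMOVE_FILE;
+result |= LANDLOCK_ACCESS_FS_MAKE_DIR;
+result |= LANDLOCK_ACCESS_FS_MAKE_FIFO;
+result |= LANDLOCK_ACCESS_FS_MAKE_REG;
+result |= LANDLOCK_ACCESS_FS_MAKE_SOCK;
 result |= LANDLOCK_ACCESS_FS_MAKE_SYM;
 }
 }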
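Review bot: The directory branch lists five `MAKE_*` rights but nowhere records that `LANDLOCK_ACCESS_FS_MAKE_CHAR` and `LANDLOCK_ACCESS_FS_MAKE_BLOCK` are omitted on purpose, so a later cleanup could add them back as an apparent oversight. A comment above the `result |=` lines inside the `S_ISDIR(statmode)` block, e.g. `/* Device nodes (MAKE_CHAR, MAKE_BLOCK) are deliberately not granted, mirroring MS_NODEV. */`, would pin that intent. The same block now also grants `LANDLOCK_ACCESS_FS_MAKE_SOCK` and `LANDLOCK_ACCESS_FS_MAKE_FIFO`, so policies that already pass this flag (ALL_WRITE, going by the commit title) silently gain the ability to create IPC endpoints in the directory; the flag's documentation should say so. The flag test and the rest of exile_flags_to_landlock lie outside the hunk.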