From ba5d26d85d0c4250b10a46a5c9cd3a3e1f0ce43b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 4 Nov 2022 19:36:31 +0100
Subject: [PATCH] loop-util: open lock fd read-only
flock(2) works with file descriptors opened with O_RDONLY.
This affects SELinux systems where access to block devices is quite
restricted to avoid bypasses on filesystem objects.
(cherry picked from commit 3e6b7d2626de9c0faf8b34b2629e8d6d8fa85a7d)
Related #2138081
---
 src/shared/loop-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/loop-util.c b/src/shared/loop-util.c
2aacef
index 731ce29112..fb7e80b1b5 100644
2aacef
--- a/src/shared/loop-util.c
2aacef
+++ b/src/shared/loop-util.c
2aacef
@@ -77,7 +77,7 @@ static int open_lock_fd(int primary_fd, int operation) {
2aacef
         assert(primary_fd >= 0);
2aacef
         assert(IN_SET(operation & ~LOCK_NB, LOCK_SH, LOCK_EX));
2aacef
 
2aacef
-        lock_fd = fd_reopen(primary_fd, O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
2aacef
+        lock_fd = fd_reopen(primary_fd, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
2aacef
         if (lock_fd < 0)
2aacef
                 return lock_fd;
2aacef
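Review bot: The `fd_reopen()` call now asks for `O_RDONLY`, but nothing in the code records that the reduced access mode is deliberate, so a later reader who assumes `LOCK_EX` needs a writable descriptor could restore `O_RDWR`. The reason exists only in the commit message: flock(2) works on read-only descriptors, and SELinux systems restrict access to block devices. I would put it directly above the call, for example `/* flock(2) only needs a readable fd; do not request O_RDWR, SELinux policy may deny write access to block devices */`. The body of `open_lock_fd()` starts and ends outside this hunk, so how `lock_fd` is used after the reopen is not visible here.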