Blame SOURCES/0035-loop-util-open-lock-fd-read-only.patch
From ba5d26d85d0c4250b10a46a5c9cd3a3e1f0ce43b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Fri, 4 Nov 2022 19:36:31 +0100
Subject: [PATCH] loop-util: open lock fd read-only
flock(2) works with file descriptors opened with O_RDONLY.
This affects SELinux systems where access to block devices is quite
restricted to avoid bypasses on filesystem objects.
(cherry picked from commit 3e6b7d2626de9c0faf8b34b2629e8d6d8fa85a7d)
Related #2138081
---
src/shared/loop-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/loop-util.c b/src/shared/loop-util.c
index 731ce29112..fb7e80b1b5 100644
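--- a/src/shared/loop-util.c
+++ b/src/shared/loop-util.c
@@ -77,7 +77,7 @@ static int open_lock_fd(int primary_fd, int operation) {
 assert(primary_fd >= 0);
 assert(IN_SET(operation & ~LOCK_NB, LOCK_SH, LOCK_EX));
 
- lock_fd = fd_reopen(primary_fd, O_RDWR|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
+ lock_fd = fd_reopen(primary_fd, O_RDONLY|O_CLOEXEC|O_NONBLOCK|O_NOCTTY);
 if (lock_fd < 0)
 return lock_fd;
 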
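Review bot: The reason for passing O_RDONLY to `fd_reopen()` lives only in the commit message, so a later reader of `open_lock_fd()` could widen the mode back to O_RDWR without noticing that this breaks on SELinux systems. A short comment above the call would keep the rationale next to the code, for example `/* flock() works on a read-only fd; asking for write access to the block device may be denied by SELinux policy */`. The function body continues past the end of this hunk, so it cannot be confirmed from here that nothing later in the function uses lock_fd for an operation that needs write access; that is worth checking before relying on the narrower mode.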