From 6598c99ba26a66fac771e0f21cac97cfa237dbcc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Erik=20Sj=C3=B6lund?=
Date: Fri, 7 Feb 2025 08:10:28 +0100
Subject: [PATCH] utils: add O_NOFOLLOW
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Erik Sjölund
---
 src/libcrun/utils.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/libcrun/utils.c b/src/libcrun/utils.c
index 4d64fde7a1..7db4823197 100644
--- a/src/libcrun/utils.c
+++ b/src/libcrun/utils.c
@@ -2110,11 +2110,11 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char
 switch (mode & S_IFMT)
 {
 case S_IFREG:
- srcfd = openat (dirfd (dsrcfd), de->d_name, O_NONBLOCK | O_RDONLY | O_CLOEXEC);
+ srcfd = openat (dirfd (dsrcfd), de->d_name, O_NONBLOCK | O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
 if (UNLIKELY (srcfd < 0))
 return crun_make_error (err, errno, "open `%s/%s`", srcname, de->d_name);
 
- destfd = openat (destdirfd, de->d_name, O_RDWR | O_CREAT | O_CLOEXEC, 0777);
+ destfd = openat (destdirfd, de->d_name, O_RDWR | O_CREAT | O_CLOEXEC | O_NOFOLLOW, 0777);
 if (UNLIKELY (destfd < 0))
 return crun_make_error (err, errno, "open `%s/%s`", destname, de->d_name);
 
@@ -2137,11 +2137,11 @@ copy_recursive_fd_to_fd (int srcdirfd, int dfd, const char *srcname, const char
 if (UNLIKELY (ret < 0))
 return crun_make_error (err, errno, "mkdir `%s/%s`", destname, de->d_name);
 
- srcfd = openat (dirfd (dsrcfd), de->d_name, O_DIRECTORY | O_CLOEXEC);
+ srcfd = openat (dirfd (dsrcfd), de->d_name, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
 if (UNLIKELY (srcfd < 0))
 return crun_make_error (err, errno, "open directory `%s/%s`", srcname, de->d_name);
 
- destfd = openat (destdirfd, de->d_name, O_DIRECTORY | O_CLOEXEC);
+ destfd = openat (destdirfd, de->d_name, O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);
 if (UNLIKELY (destfd < 0))
 return crun_make_error (err, errno, "open directory `%s/%s`", srcname, de->d_name);
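Review bot: In the `S_IFREG` case the source descriptor is still assumed to be a regular file on the strength of `mode`, which was read before the `openat` (that check lies outside the hunk). `O_NOFOLLOW` refuses an entry that has since become a symlink, but not one that has become a FIFO or device node. Checking the opened descriptor would close that gap, e.g. `if (fstat (srcfd, &st) < 0 || ! S_ISREG (st.st_mode))` followed by a `crun_make_error` return, with `st` a local `struct stat`. On the destination side, `O_CREAT` without `O_EXCL` still opens an existing non-symlink entry such as a hard link; `O_EXCL` would be stricter if the destination tree is expected to be fresh, which depends on callers not shown here. A comment such as `/* O_NOFOLLOW: refuse an entry replaced by a symlink after its type was checked. */` would record why the flag is there.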
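Review bot: The error return after the destination directory open (`destfd = openat (destdirfd, ...)`) reports `srcname` rather than `destname`, so a failure on the destination side is attributed to the source tree. The line predates this commit, but with `O_NOFOLLOW` added the path now also fires when the freshly made destination entry turns out to be a symlink, which is exactly the case an operator will want to locate. Pass `destname` in that `crun_make_error` call, matching the `mkdir` error just above it. The `S_IFDIR` branch begins and continues outside the hunk, so the handling of `mkdir` on an already existing entry could not be reviewed here.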