conf: restrict open for lxc_mount_rootfs()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: restrict open for lxc_mount_rootfs()
8a1a6dd6 · Christian Brauner · ec09da6f · 8a1a6dd6
Unverified Commit 8a1a6dd6 authored Feb 03, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

conf.c src/lxc/conf.c +1 -1

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1268,7 +1268,7 @@ static int lxc_mount_rootfs(struct lxc_conf *conf)
 	      rootfs->path, rootfs->mount,
 	      rootfs->options ? rootfs->options : "(null)");

-	rootfs->mntpt_fd = openat(-1, rootfs->mount, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH);
+	rootfs->mntpt_fd = open_at(-EBADF, rootfs->mount, PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE_XDEV, 0);
 	if (rootfs->mntpt_fd < 0)
 		return -errno;