conf: restrict open call in lxc_mount_rootfs()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: restrict open call in lxc_mount_rootfs()
ccf53741 · Christian Brauner · e1b9d6af · ccf53741
Unverified Commit ccf53741 authored Feb 03, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

conf.c src/lxc/conf.c +1 -1

No files found.
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1242,7 +1242,7 @@ static int lxc_mount_rootfs(struct lxc_conf *conf)
 		if (ret < 0)
 			return log_error_errno(-1, errno, "Failed to recursively turn root mount tree into dependent mount");
-		rootfs->mntpt_fd = openat(-1, "/", O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH);
+		rootfs->mntpt_fd = open_at(-EBADF, "/", PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE, 0);
 		if (rootfs->mntpt_fd < 0)
 			return -errno;