file_utils: use O_NOCTTY | O_NOFOLLOW

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c
index 3b0e1ea92f84f9715fc31fe6053fd3384541ab2c..aac92fe91f2b4b3fea72e9c1c91ea9347533dd48 100644 (file)
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -44,7 +44,8 @@ int lxc_writeat(int dirfd, const char *filename, const void *buf, size_t count)
        __do_close_prot_errno int fd = -EBADF;
        ssize_t ret;
 
-       fd = openat(dirfd, filename, O_WRONLY | O_CLOEXEC);
+       fd = openat(dirfd, filename,
+                   O_WRONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
        if (fd < 0)
                return -1;
 
@@ -60,7 +61,7 @@ int lxc_write_openat(const char *dir, const char *filename, const void *buf,
 {
        __do_close_prot_errno int dirfd = -EBADF;
 
-       dirfd = open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
+       dirfd = open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
        if (dirfd < 0)
                return -1;