conf: restrict open for lxc_mount_rootfs()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index bfbc98a20559040d05f47f6de1fb2ec520b23381..4e67249694a24ab5a45ade9ba05e9a31b7df5b2e 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1271,7 +1271,7 @@ static int lxc_mount_rootfs(struct lxc_conf *conf)
              rootfs->path, rootfs->mount,
              rootfs->options ? rootfs->options : "(null)");
 
-       rootfs->mntpt_fd = openat(-1, rootfs->mount, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH);
+       rootfs->mntpt_fd = open_at(-EBADF, rootfs->mount, PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE_XDEV, 0);
        if (rootfs->mntpt_fd < 0)
                return -errno;
 

diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h
index 9331d350809cb2ec8d4a06f7f928b5f01bc7f680..afeb421d72aeccc3d215435886fa908b433c3f16 100644 (file)
--- a/src/lxc/syscall_wrappers.h
+++ b/src/lxc/syscall_wrappers.h
@@ -262,6 +262,7 @@ struct lxc_open_how {
 #define PROTECT_LOOKUP_ABSOLUTE (PROTECT_LOOKUP_BENEATH & ~RESOLVE_BENEATH)
 #define PROTECT_LOOKUP_ABSOLUTE_WITH_SYMLINKS (PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_SYMLINKS)
 #define PROTECT_LOOKUP_ABSOLUTE_WITH_MAGICLINKS (PROTECT_LOOKUP_ABSOLUTE & ~(RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS))
+#define PROTECT_LOOKUP_ABSOLUTE_XDEV (PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_XDEV)
 
 #define PROTECT_OPATH_FILE (O_NOFOLLOW | O_PATH | O_CLOEXEC)
 #define PROTECT_OPATH_DIRECTORY (PROTECT_OPATH_FILE | O_DIRECTORY)