From: Daan De Meyer
Date: Fri, 15 Nov 2024 10:52:00 +0000 (+0100)
Subject: sandbox: Akways use O_EXCL with O_CREAT
X-Git-Tag: v25~171^2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=373b42ad2049ab7363239c5cebc399fcddc5ad72;p=thirdparty%2Fmkosi.git

sandbox: Akways use O_EXCL with O_CREAT

In all cases we want to make sure that we're the ones creating the file so let's specify O_EXCL.
---
diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py
index 71ab7bd75..47ea56493 100755
--- a/mkosi/sandbox.py
+++ b/mkosi/sandbox.py
@@ -472,7 +472,7 @@ class BindOperation(FSOperation):
 with umask(~0o644 if isfile else ~0o755):
 if isfile:
- os.close(os.open(dst, os.O_CREAT | os.O_CLOEXEC))
+ os.close(os.open(dst, os.O_CREAT | os.O_CLOEXEC | os.O_EXCL))
 else:
 os.mkdir(dst)
@@ -506,7 +506,7 @@ class DevOperation(FSOperation):
 for node in ("null", "zero", "full", "random", "urandom", "tty"):
 ndst = joinpath(dst, node)
- os.close(os.open(ndst, os.O_CREAT | os.O_CLOEXEC))
+ os.close(os.open(ndst, os.O_CREAT | os.O_CLOEXEC | os.O_EXCL))
 mount(joinpath(oldroot, "dev", node), ndst, "", MS_BIND, "")
@@ -526,7 +526,7 @@ class DevOperation(FSOperation):
 os.symlink("pts/ptmx", joinpath(dst, "ptmx"))
 if self.ttyname:
- os.close(os.open(joinpath(dst, "console"), os.O_CREAT | os.O_CLOEXEC))
+ os.close(os.open(joinpath(dst, "console"), os.O_CREAT | os.O_CLOEXEC | os.O_EXCL))
 mount(joinpath(oldroot, self.ttyname), joinpath(dst, "console"), "", MS_BIND, "")
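Review bot: The `os.O_EXCL` added in the `if isfile:` branch of the `BindOperation` hunk deserves a comment, because it does more than the commit message says: with `O_CREAT | O_EXCL` the open fails with `EEXIST` when `dst` is a symlink, even a dangling one, instead of creating the link's target. I would add `# O_EXCL: fail rather than reuse an existing file or follow a symlink already present at dst` above the call. The `else` branch's `os.mkdir(dst)` already fails on an existing path, so both branches now raise `FileExistsError` in that case. Whether a caller turns that into a readable error is not visible here, since the enclosing method starts and ends outside the hunk.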
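Review bot: Neither `os.open` call in `DevOperation` (the device-node loop in the second hunk and the `console` target in the third) passes a mode, so the placeholder files are created with Python's default `0o777` filtered by whatever umask is in effect. Unlike the `BindOperation` hunk, no `umask(...)` block is visible around them, though one may be set outside the hunks. Passing the mode explicitly, e.g. `os.open(ndst, os.O_CREAT | os.O_CLOEXEC | os.O_EXCL, 0o644)`, would cap the permissions at `0o644` whatever the umask is. With three identical create-and-close call sites, a small private helper wrapping `os.close(os.open(...))` would also keep the flag set from drifting apart again.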