From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Tue, 2 Feb 2021 12:45:11 +0000 (+0100)
Subject: file_utils: harden lxc_open_dirfd()
X-Git-Tag: lxc-5.0.0~306^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87c7dbcb9c6ec987ee4f39f3ebf3132c192ee9de;p=thirdparty%2Flxc.git

file_utils: harden lxc_open_dirfd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c
index c6f2a2c45..2fd81d6e2 100644
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -23,7 +23,7 @@
 
 int lxc_open_dirfd(const char *dir)
 {
-	return open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
+	return open_at(-EBADF, dir, PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_XDEV, 0);
 }
 
 int lxc_readat(int dirfd, const char *filename, void *buf, size_t count)