From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Mon, 9 Dec 2019 10:20:29 +0000 (+0100)
Subject: file_utils: use O_NOCTTY | O_NOFOLLOW
X-Git-Tag: lxc-4.0.0~76^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef6d231f8b4c8e1cab7d3d764ec3a96d776d73e1;p=thirdparty%2Flxc.git

file_utils: use O_NOCTTY | O_NOFOLLOW

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c
index cb7e9c84f..b6003a3a5 100644
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -44,7 +44,8 @@ int lxc_writeat(int dirfd, const char *filename, const void *buf, size_t count)
 	__do_close_prot_errno int fd = -EBADF;
 	ssize_t ret;
 
-	fd = openat(dirfd, filename, O_WRONLY | O_CLOEXEC);
+	fd = openat(dirfd, filename,
+		    O_WRONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
 	if (fd < 0)
 		return -1;
 
@@ -60,7 +61,7 @@ int lxc_write_openat(const char *dir, const char *filename, const void *buf,
 {
 	__do_close_prot_errno int dirfd = -EBADF;
 
-	dirfd = open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC);
+	dirfd = open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC | O_NOCTTY | O_NOFOLLOW);
 	if (dirfd < 0)
 		return -1;