From 459c535006e3ea18a4a2b53033f72190df13bf1b Mon Sep 17 00:00:00 2001
From: Alex
Date: Tue, 27 Sep 2022 00:01:22 +0200
Subject: [PATCH] build: harden cibuild.yml permissions

Signed-off-by: Alex
---
 .github/workflows/cibuild.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/cibuild.yml b/.github/workflows/cibuild.yml
index 811537cc88..dc10ad4c41 100644
--- a/.github/workflows/cibuild.yml
+++ b/.github/workflows/cibuild.yml
@@ -14,6 +14,9 @@ on:
 - 'Documentation/**'
 - 'lib*/docs/**'
 
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
 jobs:
 build:
 runs-on: ubuntu-latest
@@ -38,6 +41,10 @@ jobs:
 - name: Make install
 run: .github/workflows/cibuild.sh INSTALL
 coveralls:
+ permissions:
+ contents: read # to fetch code (actions/checkout)
+ checks: write # to create new checks (coverallsapp/github-action)
+
 runs-on: ubuntu-latest
 if: github.repository == 'util-linux/util-linux'
 env:
-- 
2.47.3
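Review bot: The workflow-level `permissions:` block added before `jobs:` sets every scope it does not list to none for all jobs that lack their own block, so its effect reaches beyond `build`. Only `build` and `coveralls` are visible in this patch; any other job in cibuild.yml that relied on the default token scopes should be checked before merging. A short comment above the block would make the intent explicit, such as `# least-privilege default for GITHUB_TOKEN; a job that needs more declares its own permissions block`.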
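Review bot: `checks: write` in the `coveralls` job hands a write-scoped token to a third-party action, and the steps that call it lie outside this hunk, so the hunk alone does not show how the action is referenced. If it is referenced by a tag or branch, pin it to a full commit SHA, e.g. `uses: coverallsapp/github-action@<FULL_COMMIT_SHA_PLACEHOLDER>`, so a retagged release cannot run with that token. It is also worth confirming that the action really creates check runs; if it only reports to Coveralls, `checks: write` can be dropped and the job can inherit the workflow-level default. Restating `contents: read` here is correct, since a job-level block replaces the workflow-level one rather than merging with it.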