file_utils: harden lxc_open_dirfd()

author Christian Brauner <christian.brauner@ubuntu.com>

Tue, 2 Feb 2021 12:45:11 +0000 (13:45 +0100)

committer Christian Brauner <christian.brauner@ubuntu.com>

Tue, 2 Feb 2021 12:45:11 +0000 (13:45 +0100)
author Christian Brauner <christian.brauner@ubuntu.com>
Tue, 2 Feb 2021 12:45:11 +0000 (13:45 +0100)
committer Christian Brauner <christian.brauner@ubuntu.com>
Tue, 2 Feb 2021 12:45:11 +0000 (13:45 +0100)
diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c

index c6f2a2c45f4773b2cf919fa39c1d63ac042f8ebd..2fd81d6e232ef72db056f76ef9b3749b581c98d9 100644 (file)
--- a/src/lxc/file_utils.c
+++ b/src/lxc/file_utils.c
@@ -23,7 +23,7 @@
  
  int lxc_open_dirfd(const char *dir)
  {
-       return open(dir, O_DIRECTORY | O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
+       return open_at(-EBADF, dir, PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_XDEV, 0);
  }
  
  int lxc_readat(int dirfd, const char *filename, void *buf, size_t count)
author	Christian Brauner <christian.brauner@ubuntu.com>
	Tue, 2 Feb 2021 12:45:11 +0000 (13:45 +0100)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Tue, 2 Feb 2021 12:45:11 +0000 (13:45 +0100)