From: Matteo Croce Date: Thu, 4 Jul 2024 01:14:22 +0000 (+0200) Subject: use O_PATH when getting cgroup fd X-Git-Tag: v257-rc1~877^2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=572e163ef53b5ba6553cc4722bafd8322a569fcd;p=thirdparty%2Fsystemd.git use O_PATH when getting cgroup fd O_PATH mode is enough to attach a bpf program to a cgroup, use it instead of O_RDONLY --- diff --git a/src/core/bpf-restrict-ifaces.c b/src/core/bpf-restrict-ifaces.c index 64d8d1a7e5b..a39f4895f2b 100644 --- a/src/core/bpf-restrict-ifaces.c +++ b/src/core/bpf-restrict-ifaces.c @@ -128,7 +128,7 @@ static int restrict_ifaces_install_impl(Unit *u) { if (r < 0) return r; - cgroup_fd = open(cgroup_path, O_RDONLY | O_CLOEXEC | O_DIRECTORY, 0); + cgroup_fd = open(cgroup_path, O_PATH | O_CLOEXEC | O_DIRECTORY, 0); if (cgroup_fd < 0) return -errno;