From 572e163ef53b5ba6553cc4722bafd8322a569fcd Mon Sep 17 00:00:00 2001 From: Matteo Croce Date: Thu, 4 Jul 2024 03:14:22 +0200 Subject: [PATCH] use O_PATH when getting cgroup fd O_PATH mode is enough to attach a bpf program to a cgroup, use it instead of O_RDONLY --- src/core/bpf-restrict-ifaces.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/core/bpf-restrict-ifaces.c b/src/core/bpf-restrict-ifaces.c index 64d8d1a7e5b..a39f4895f2b 100644 --- a/src/core/bpf-restrict-ifaces.c +++ b/src/core/bpf-restrict-ifaces.c @@ -128,7 +128,7 @@ static int restrict_ifaces_install_impl(Unit *u) { if (r < 0) return r; - cgroup_fd = open(cgroup_path, O_RDONLY | O_CLOEXEC | O_DIRECTORY, 0); + cgroup_fd = open(cgroup_path, O_PATH | O_CLOEXEC | O_DIRECTORY, 0); if (cgroup_fd < 0) return -errno; -- 2.47.3