projects / systemd / .git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b209fff)
use O_PATH when getting cgroup fd
authorMatteo Croce <teknoraver@meta.com>
Thu, 4 Jul 2024 01:14:22 +0000 (03:14 +0200)
committerMatteo Croce <teknoraver@meta.com>
Tue, 16 Jul 2024 13:03:37 +0000 (15:03 +0200)
O_PATH mode is enough to attach a bpf program to a cgroup, use it
instead of O_RDONLY

src/core/bpf-restrict-ifaces.c patch | blob | history

diff --git a/src/core/bpf-restrict-ifaces.c b/src/core/bpf-restrict-ifaces.c
index 64d8d1a7e5b24ad15a1340351a66c3aa23da736a..a39f4895f2b6f59ee7c604bbdde18537496506de 100644 (file)
--- a/src/core/bpf-restrict-ifaces.c
+++ b/src/core/bpf-restrict-ifaces.c
@@ -128,7 +128,7 @@ static int restrict_ifaces_install_impl(Unit *u) {
         if (r < 0)
                 return r;
 
-        cgroup_fd = open(cgroup_path, O_RDONLY | O_CLOEXEC | O_DIRECTORY, 0);
+        cgroup_fd = open(cgroup_path, O_PATH | O_CLOEXEC | O_DIRECTORY, 0);
         if (cgroup_fd < 0)
                 return -errno;
 
https://github.com/systemd/systemd.git