* lib-src/seccomp-filter.c (main): Also allow O_NOFOLLOW.

author: Philipp Stephani <phst@google.com> 2021-04-11 21:14:09 +0200
committer: Philipp Stephani <phst@google.com> 2021-04-11 21:14:41 +0200
commit: cf0701eff0f3b06e0324be07f7810cbaf261f7f3 (patch)
tree: 7c9d39821cc55c16fd62e56acc2c524e8b3a2f63 /lib-src
parent: 9a57897ea1a125782ff332814d3f978c38162cf8 (diff)
download: emacs-cf0701eff0f3b06e0324be07f7810cbaf261f7f3.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index 9d25a5fe142..a5f2e0adbca 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -241,12 +241,12 @@ main (int argc, char **argv)
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (open),
         SCMP_A1_32 (SCMP_CMP_MASKED_EQ,
                     ~(O_RDONLY | O_BINARY | O_CLOEXEC | O_PATH
-                      | O_DIRECTORY),
+                      | O_DIRECTORY | O_NOFOLLOW),
                     0));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (openat),
         SCMP_A2_32 (SCMP_CMP_MASKED_EQ,
                     ~(O_RDONLY | O_BINARY | O_CLOEXEC | O_PATH
-                      | O_DIRECTORY),
+                      | O_DIRECTORY | O_NOFOLLOW),
                     0));
 
   /* Allow `tcgetpgrp'.  */
author	Philipp Stephani <phst@google.com>	2021-04-11 21:14:09 +0200
committer	Philipp Stephani <phst@google.com>	2021-04-11 21:14:41 +0200
commit	cf0701eff0f3b06e0324be07f7810cbaf261f7f3 (patch)
tree	7c9d39821cc55c16fd62e56acc2c524e8b3a2f63 /lib-src
parent	9a57897ea1a125782ff332814d3f978c38162cf8 (diff)
download	emacs-cf0701eff0f3b06e0324be07f7810cbaf261f7f3.tar.gz