From f9c0ade7cd9a514d4ca6f81f797284e11c56b31a Mon Sep 17 00:00:00 2001
From: Chris White <chwhite@redhat.com>
Date: Wed, 21 Feb 2024 15:22:44 -0500
Subject: [PATCH] Make fill_process_comm() open comm file as READ_ONLY
The fill_process_comm() opens the comm file using O_RDWR. The
function itself does not perform a write operation on the file,
and opening this in read and write mode can cause selinux policy
violations where opening the file with write permission is
restricted. Since the function itself only needs to read from this
fd, changing this to READ_ONLY (O_RDONLY)
Signed-off-by: Chris White <chwhite@redhat.com>
Signed-off-by: John Kacur <jkacur@redhat.com>
---
src/utils.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/utils.c b/src/utils.c
index f6feca7040d8..898f4a5d06a7 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -55,7 +55,7 @@ int fill_process_comm(int tgid, int pid, char *comm, int comm_size)
if (retval < 0)
goto out_error;
- fd = open(path, O_RDWR);
+ fd = open(path, O_RDONLY);
if (fd < 0) {
log_msg("failed to open comm file at %s\n", path);
goto out_error;
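Review bot: The log_msg() call in the open() failure branch reports only the path, so a permission denial of the kind the commit message describes cannot be told apart from any other open() failure; include strerror(errno) in that message so a remaining SELinux or permission problem is visible in the log. The switch to O_RDONLY matches the read-only use the commit message states. If this process can exec other programs, consider O_RDONLY | O_CLOEXEC here as well so the descriptor is not inherited.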
--
2.43.0