makary/bookmarkfs
1
0
Fork 0
mirror of https://git.sr.ht/~cismonx/bookmarkfs synced 2025-06-07 19:58:50 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

sandbox: fix landlock rule fd close

Browse source
This commit is contained in:
CismonX 2025-01-14 19:45:22 +08:00
parent 349877f9a3
commit aa5326edf9
No known key found for this signature in database
GPG key ID: 3094873E29A482FB
1 changed files with 10 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
src/sandbox.c
View file

@ -269,6 +269,7 @@ sandbox_enter (
if (flags & SANDBOX_NO_LANDLOCK) { if (flags & SANDBOX_NO_LANDLOCK) {
goto apply_seccomp; goto apply_seccomp;
} }
status = -1;
#ifdef BOOKMARKFS_SANDBOX_LANDLOCK #ifdef BOOKMARKFS_SANDBOX_LANDLOCK
int ruleset_version = landlock_create_ruleset(NULL, 0, int ruleset_version = landlock_create_ruleset(NULL, 0,
LANDLOCK_CREATE_RULESET_VERSION); LANDLOCK_CREATE_RULESET_VERSION);
@ -326,21 +327,25 @@ sandbox_enter (
log_printf("landlock_restrict_self(): %s", xstrerror(errno)); log_printf("landlock_restrict_self(): %s", xstrerror(errno));
goto free_ruleset; goto free_ruleset;
} }
status = 0;
free_ruleset:
close(lrfd);
#else #else
log_printf("landlock is not supported on this build"); log_printf("landlock is not supported on this build");
status = -1;
goto free_sfctx;
#endif /* defined(BOOKMARKFS_SANDBOX_LANDLOCK) */ #endif /* defined(BOOKMARKFS_SANDBOX_LANDLOCK) */
if (status < 0) {
goto free_sfctx;
}
apply_seccomp: apply_seccomp:
status = seccomp_load(sfctx); status = seccomp_load(sfctx);
if (unlikely(status != 0)) { if (unlikely(status != 0)) {
log_printf("seccomp_load(): %s", xstrerror(-status)); log_printf("seccomp_load(): %s", xstrerror(-status));
} }
free_ruleset:
close(lrfd);
free_sfctx: free_sfctx:
seccomp_release(sfctx); seccomp_release(sfctx);