From: Philipp Stephani <phst@google.com>
Date: Sun, 11 Apr 2021 19:14:09 +0000 (+0200)
Subject: * lib-src/seccomp-filter.c (main): Also allow O_NOFOLLOW.
X-Git-Tag: emacs-28.0.90~2902
X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=cf0701eff0f3b06e0324be07f7810cbaf261f7f3;p=emacs.git

* lib-src/seccomp-filter.c (main): Also allow O_NOFOLLOW.
---

diff --git a/lib-src/seccomp-filter.c b/lib-src/seccomp-filter.c
index 9d25a5fe142..a5f2e0adbca 100644
--- a/lib-src/seccomp-filter.c
+++ b/lib-src/seccomp-filter.c
@@ -241,12 +241,12 @@ main (int argc, char **argv)
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (open),
         SCMP_A1_32 (SCMP_CMP_MASKED_EQ,
                     ~(O_RDONLY | O_BINARY | O_CLOEXEC | O_PATH
-                      | O_DIRECTORY),
+                      | O_DIRECTORY | O_NOFOLLOW),
                     0));
   RULE (SCMP_ACT_ALLOW, SCMP_SYS (openat),
         SCMP_A2_32 (SCMP_CMP_MASKED_EQ,
                     ~(O_RDONLY | O_BINARY | O_CLOEXEC | O_PATH
-                      | O_DIRECTORY),
+                      | O_DIRECTORY | O_NOFOLLOW),
                     0));
 
   /* Allow `tcgetpgrp'.  */