diff options
| author | Matteo Croce <teknoraver@meta.com> | 2024-07-04 03:14:22 +0200 |
|---|---|---|
| committer | Matteo Croce <teknoraver@meta.com> | 2024-07-16 15:03:37 +0200 |
| commit | 572e163ef53b5ba6553cc4722bafd8322a569fcd (patch) | |
| tree | 3094ab0281eed974a2c8a857e57e74e0172be6af /src/core/bpf-restrict-ifaces.c | |
| parent | mkosi: List library packages explicitly in VolatilePackages= (diff) | |
| download | systemd-572e163ef53b5ba6553cc4722bafd8322a569fcd.tar.xz systemd-572e163ef53b5ba6553cc4722bafd8322a569fcd.zip | |
use O_PATH when getting cgroup fd
O_PATH mode is enough to attach a bpf program to a cgroup, use it
instead of O_RDONLY
Diffstat (limited to 'src/core/bpf-restrict-ifaces.c')
| -rw-r--r-- | src/core/bpf-restrict-ifaces.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/core/bpf-restrict-ifaces.c b/src/core/bpf-restrict-ifaces.c index 64d8d1a7e5..a39f4895f2 100644 --- a/src/core/bpf-restrict-ifaces.c +++ b/src/core/bpf-restrict-ifaces.c @@ -128,7 +128,7 @@ static int restrict_ifaces_install_impl(Unit *u) { if (r < 0) return r; - cgroup_fd = open(cgroup_path, O_RDONLY | O_CLOEXEC | O_DIRECTORY, 0); + cgroup_fd = open(cgroup_path, O_PATH | O_CLOEXEC | O_DIRECTORY, 0); if (cgroup_fd < 0) return -errno; |