diff options
| author | Stefano Brivio <sbrivio@redhat.com> | 2022-01-25 20:08:00 +0100 |
|---|---|---|
| committer | Stefano Brivio <sbrivio@redhat.com> | 2022-01-26 16:30:59 +0100 |
| commit | 4c7304db85bd4e8ae641ab946a5b3832f24b6eca (patch) | |
| tree | 4fb82c8162bd56183aa3bdd3410df7ee12021259 /util.c | |
| parent | 1776de0140fb663777d4590fbb849c1d0a0c7885 (diff) | |
| download | passt-4c7304db85bd4e8ae641ab946a5b3832f24b6eca.tar passt-4c7304db85bd4e8ae641ab946a5b3832f24b6eca.tar.gz passt-4c7304db85bd4e8ae641ab946a5b3832f24b6eca.tar.bz2 passt-4c7304db85bd4e8ae641ab946a5b3832f24b6eca.tar.lz passt-4c7304db85bd4e8ae641ab946a5b3832f24b6eca.tar.xz passt-4c7304db85bd4e8ae641ab946a5b3832f24b6eca.tar.zst passt-4c7304db85bd4e8ae641ab946a5b3832f24b6eca.zip | |
conf, pasta: Explicitly pass CLONE_{NEWUSER,NEWNET} to setns()
Only allow the intended types of namespaces to be joined via setns()
as a defensive measure.
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Diffstat (limited to 'util.c')
| -rw-r--r-- | util.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -469,10 +469,10 @@ void procfs_scan_listen(char *name, uint8_t *map, uint8_t *exclude) */ int ns_enter(struct ctx *c) { - if (!c->netns_only && setns(c->pasta_userns_fd, 0)) + if (!c->netns_only && setns(c->pasta_userns_fd, CLONE_NEWUSER)) return -errno; - if (setns(c->pasta_netns_fd, 0)) + if (setns(c->pasta_netns_fd, CLONE_NEWNET)) return -errno; return 0; |