Skip to content

Commit

Permalink
landlock: stop setting global ruleset in ll_create_full_ruleset
Browse files Browse the repository at this point in the history 
To avoid confusion, only return a new ruleset and let the caller set the
global one.

This amends commit 13b2c56 ("feature: add Landlock support",
2023-10-24).
  • Loading branch information
@kmk3
kmk3 committed Nov 8, 2023
1 parent d10bf15 commit a8061db
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions src/firejail/landlock.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,12 +100,12 @@ static int ll_create_full_ruleset() {
LANDLOCK_ACCESS_FS_REMOVE_FILE |
LANDLOCK_ACCESS_FS_WRITE_FILE;

ll_ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
if (ll_ruleset_fd < 0) {
int ruleset_fd = landlock_create_ruleset(&attr, sizeof(attr), 0);
if (ruleset_fd < 0) {
fprintf(stderr, "Error: failed to create a Landlock ruleset: %s\n",
strerror(errno));
}
return ll_ruleset_fd;
return ruleset_fd;
}

int ll_read(const char *allowed_path) {
Expand Down

0 comments on commit a8061db

Please sign in to comment.