diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-08 16:09:28 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-10 23:22:15 +0100 |
| commit | a9aac7d8dd8939d48df5dba391fae43bf34afcdf (patch) | |
| tree | 566dd20e19aba6ca07a456fe705c5b9ea86076c5 /src/core/bpf-devices.c | |
| parent | 124e05b3b60c253d83ba5e122aca34be719391ff (diff) | |
| download | systemd-a9aac7d8dd8939d48df5dba391fae43bf34afcdf.tar.gz | |
core: also split out helper to handle static device nodes
Diffstat (limited to 'src/core/bpf-devices.c')
| -rw-r--r-- | src/core/bpf-devices.c | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/src/core/bpf-devices.c b/src/core/bpf-devices.c index 41b751b83a..dd38a61981 100644 --- a/src/core/bpf-devices.c +++ b/src/core/bpf-devices.c @@ -7,6 +7,7 @@ #include "bpf-program.h" #include "fd-util.h" #include "fileio.h" +#include "nulstr-util.h" #include "parse-util.h" #include "stat-util.h" #include "stdio-util.h" @@ -417,3 +418,32 @@ int bpf_devices_whitelist_major(BPFProgram *prog, const char *path, const char * return 0; } + +int bpf_devices_whitelist_static(BPFProgram *prog, const char *path) { + static const char auto_devices[] = + "/dev/null\0" "rwm\0" + "/dev/zero\0" "rwm\0" + "/dev/full\0" "rwm\0" + "/dev/random\0" "rwm\0" + "/dev/urandom\0" "rwm\0" + "/dev/tty\0" "rwm\0" + "/dev/ptmx\0" "rwm\0" + /* Allow /run/systemd/inaccessible/{chr,blk} devices for mapping InaccessiblePaths */ + "/run/systemd/inaccessible/chr\0" "rwm\0" + "/run/systemd/inaccessible/blk\0" "rwm\0"; + int r = 0, k; + + const char *node, *acc; + NULSTR_FOREACH_PAIR(node, acc, auto_devices) { + k = bpf_devices_whitelist_device(prog, path, node, acc); + if (r >= 0 && k < 0) + r = k; + } + + /* PTS (/dev/pts) devices may not be duplicated, but accessed */ + k = bpf_devices_whitelist_major(prog, path, "pts", 'c', "rw"); + if (r >= 0 && k < 0) + r = k; + + return r; +} |