luxolus
/
open-nomad
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity

fix: added landlock access to /usr/libexec for getter (#16900)

This commit is contained in:
astudentofblake 2023-04-20 17:16:04 +01:00 committed by GitHub
parent b0fe69fded
commit 42c4c8d5ea
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.changelog/16900.txt Normal file
View File

@ -0,0 +1,3 @@
```release-note:bug
fix: Added "/usr/libexec" to the landlocked directories the getter has access to
```

1
client/allocrunner/taskrunner/getter/util_linux.go
View File

@ -63,6 +63,7 @@ func lockdown(allocDir, taskDir string) error {
landlock.Dir("/bin", "rx"), landlock.Dir("/bin", "rx"),
landlock.Dir("/usr/bin", "rx"), landlock.Dir("/usr/bin", "rx"),
landlock.Dir("/usr/local/bin", "rx"), landlock.Dir("/usr/local/bin", "rx"),
landlock.Dir("/usr/libexec", "rx"),
landlock.Dir(allocDir, "rwc"), landlock.Dir(allocDir, "rwc"),
landlock.Dir(taskDir, "rwc"), landlock.Dir(taskDir, "rwc"),
} }