third-party-mirrors/sslh
1
0
Fork 0
mirror of https://github.com/yrutschle/sslh.git synced 2025-06-06 18:33:24 +03:00
Code Issues Packages Projects Releases Wiki Activity

add libwrap files to landlock read list (fix #450)

Browse Source
This commit is contained in:
yrutschle 2024-06-17 23:00:16 +02:00
parent 93ab4f1e3a
commit eb84c6a55b
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
landlock.c
View File

@ -112,6 +112,18 @@ static int add_resolv(int ruleset_fd)
return 0; return 0;
} }
static int add_libwrap(int ruleset_fd)
{
/* Files for libwrap */
#ifdef LIBWRAP
add_path_ro(ruleset_fd, LL_FILE, "/etc/hosts.allow");
add_path_ro(ruleset_fd, LL_FILE, "/etc/hosts.deny");
#endif
return 0;
}
void setup_landlock(void) void setup_landlock(void)
{ {
@ -147,6 +159,7 @@ void setup_landlock(void)
/* Add all the paths we need */ /* Add all the paths we need */
add_libs(ruleset_fd); add_libs(ruleset_fd);
add_resolv(ruleset_fd); add_resolv(ruleset_fd);
add_libwrap(ruleset_fd);
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
print_message(msg_config_error, "Landlock: Failed to restrict privileges"); print_message(msg_config_error, "Landlock: Failed to restrict privileges");