From f9c0ade7cd9a514d4ca6f81f797284e11c56b31a Mon Sep 17 00:00:00 2001 From: Chris White Date: Wed, 21 Feb 2024 15:22:44 -0500 Subject: [PATCH] Make fill_process_comm() open comm file as READ_ONLY The fill_process_comm() opens the comm file using O_RDWR. The function itself does not perform a write operation on the file, and opening this in read and write mode can cause selinux policy violations where opening the file with write permission is restricted. Since the function itself only needs to read from this fd, changing this to READ_ONLY (O_RDONLY) Signed-off-by: Chris White Signed-off-by: John Kacur --- src/utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/utils.c b/src/utils.c index f6feca7040d8..898f4a5d06a7 100644 --- a/src/utils.c +++ b/src/utils.c @@ -55,7 +55,7 @@ int fill_process_comm(int tgid, int pid, char *comm, int comm_size) if (retval < 0) goto out_error; - fd = open(path, O_RDWR); + fd = open(path, O_RDONLY); if (fd < 0) { log_msg("failed to open comm file at %s\n", path); goto out_error; -- 2.43.0
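Review bot: In the error branch directly after the changed open() call in fill_process_comm(), log_msg("failed to open comm file at %s\n", path) reports only the path, so a permission denial cannot be told apart from a comm file that no longer exists. Since the commit message cites SELinux policy violations as the motivation, consider adding strerror(errno) to that message so a remaining denial shows up as EACCES in the log. The change to O_RDONLY itself is consistent with the commit message's statement that the function only reads from this fd. As a minor wording point, the subject and body say "READ_ONLY" while the flag is O_RDONLY, and the last sentence of the body is incomplete.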