commit: 6e81c90d8704157127a33d5ec118739b41918d79
Author: Mike Gilbert <floppym <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 10 19:14:00 2025 +0000
Commit: Mike Gilbert <floppym <AT> gentoo <DOT> org>
CommitDate: Sat Feb 15 01:42:54 2025 +0000
URL: https://gitweb.gentoo.org/proj/sandbox.git/commit/?id=6e81c90d
Skip access checks when opening a directory for writing
coreutils tests expect to get EISDIR.
Signed-off-by: Mike Gilbert <floppym <AT> gentoo.org>
libsandbox/libsandbox.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index b795930..f5b3e62 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -641,6 +641,12 @@ static int check_syscall(sbcontext_t *sbcontext, int
sb_nr, const char *func,
dirfd = trace_dirfd;
}
+ if (sb_nr == SB_NR_OPEN_WR || sb_nr == SB_NR_OPEN_WR_CREAT) {
+ struct stat st;
+ if (!fstatat(dirfd, file, &st, flags) && S_ISDIR(st.st_mode))
+ return 1; /* let the kernel return EISDIR */
+ }
+
if (is_symlink_func(sb_nr))
flags |= AT_SYMLINK_NOFOLLOW;
