op public repos

Commit Diff

Commit:: c273bc0e414a3405a9c009bcf05fd8bae488bfdf
From:: Omar Polo <op@omarpolo.com>
Date:: Sun Feb 13 16:21:37 2022 UTC
Message:: sync changelog
Actions:: Patch | Tree

commit - 4f0e893cd3889acb8e3d40d359610749189adc25
commit + c273bc0e414a3405a9c009bcf05fd8bae488bfdf
blob - 8a09d10788b596eb705d0993f93d434ab546f167
blob + 158208b0a2aa8a9ecf4a439f020c3788a4886af7
--- ChangeLog
+++ ChangeLog
@@ -1,3 +1,8 @@
+2022-02-13  Omar Polo  <op@openbsd.org>
+
+	* sandbox.c (filter): tightens seccomp policy wrt openat: allow
+	only with the O_RDONLY flag.
+
 2022-02-13  Tobias Berger  <tobi.berger13@gmail.com>
 
 	* sandbox.c (filter): allow fstatat64, llseek and sigreturn;