fix: added landlock access to /usr/libexec for getter (#16900)

2026-01-01 16:05:42 +03:00 · 2023-04-20 17:16:04 +01:00
parent e169847a64
commit 206236039c
2 changed files with 4 additions and 0 deletions
--- a/.changelog/16900.txt
+++ b/.changelog/16900.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+fix: Added "/usr/libexec" to the landlocked directories the getter has access to
+```
--- a/client/allocrunner/taskrunner/getter/util_linux.go
+++ b/client/allocrunner/taskrunner/getter/util_linux.go
@@ -63,6 +63,7 @@ func lockdown(allocDir, taskDir string) error {
 		landlock.Dir("/bin", "rx"),
 		landlock.Dir("/usr/bin", "rx"),
 		landlock.Dir("/usr/local/bin", "rx"),
+		landlock.Dir("/usr/libexec", "rx"),
 		landlock.Dir(allocDir, "rwc"),
 		landlock.Dir(taskDir, "rwc"),
 	}