commit - d5df63dab35a6063d2fa0b9abfdbd8fd9a50deb8
commit + 762ddcd8e63f22e481054b5046adb0f913f2bada
blob - dc6c5b47ca22fd7c72e5f927a8779a2b71e8e2f7
blob + 258337e16f81c1150f8b245693b587afe86be143
--- libexec/got-read-patch/got-read-patch.c
+++ libexec/got-read-patch/got-read-patch.c
got_privsep_send_error(&ibuf, err);
return 1;
}
+
+ /* revoke fs access */
+ if (landlock_no_fs() == -1) {
+ err = got_error_from_errno("landlock_no_fs");
+ got_privsep_send_error(&ibuf, err);
+ return 1;
+ }
#endif
err = got_privsep_recv_imsg(&imsg, &ibuf, 0);