dasharo/sbctl
0
0
Fork 0
mirror of https://github.com/Dasharo/sbctl.git synced 2026-03-06 15:04:14 -08:00
Code Issues Packages Projects Releases Wiki Activity

create-keys: ensure we have access to /var/lib

Browse Source 
Signed-off-by: Morten Linderud <morten@linderud.pw>
This commit is contained in:
Morten Linderud
2024-07-31 16:16:07 +02:00
parent 8c6cc100a2
commit 61f918052d
1 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
cmd/sbctl/create-keys.go
+5
View File
@@ -3,12 +3,14 @@ package main
import (
"fmt"
"path"
"path/filepath"
"github.com/foxboron/sbctl"
"github.com/foxboron/sbctl/backend"
"github.com/foxboron/sbctl/config"
"github.com/foxboron/sbctl/logging"
"github.com/foxboron/sbctl/lsm"
"github.com/landlock-lsm/go-landlock/landlock"
"github.com/spf13/cobra"
)
@@ -30,6 +32,9 @@ var createKeysCmd = &cobra.Command{
func RunCreateKeys(state *config.State) error {
if state.Config.Landlock {
lsm.RestrictAdditionalPaths(
landlock.RWDirs(filepath.Dir(filepath.Dir(filepath.Clean(state.Config.Keydir)))),
)
if err := lsm.Restrict(); err != nil {
return err
}