From 82cb5be5257e09d6264506b4f59387d7a7589b6c Mon Sep 17 00:00:00 2001
From: Michal Jura
Date: Wed, 22 Dec 2021 16:36:10 +0100
Subject: [PATCH] Add /opt to allowed directories

Some applications like nginx from Bitnami is using /opt for entrypoint and cmd bash scripts. We would like add this directory to allowed paths.

Signed-off-by: Michal Jura
---
 contrib/etc/lockc/lockc.toml | 2 ++
 lockc/src/settings.rs | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/contrib/etc/lockc/lockc.toml b/contrib/etc/lockc/lockc.toml
index df3fb42..73c3156 100644
--- a/contrib/etc/lockc/lockc.toml
+++ b/contrib/etc/lockc/lockc.toml
@@ -358,6 +358,7 @@ allowed_paths_access_restricted = [
 "/home",
 "/lib",
 "/lib64",
+ "/opt",
 "/pause",
 "/proc",
 "/run",
@@ -390,6 +391,7 @@ allowed_paths_access_baseline = [
 "/home",
 "/lib",
 "/lib64",
+ "/opt",
 "/pause",
 "/proc",
 "/run",
diff --git a/lockc/src/settings.rs b/lockc/src/settings.rs
index 7a2f367..466e40c 100644
--- a/lockc/src/settings.rs
+++ b/lockc/src/settings.rs
@@ -212,6 +212,7 @@ static DIR_ETC: &str = "/etc";
 static DIR_LIB: &str = "/lib";
 static DIR_LIB64: &str = "/lib64";
 static PAUSE: &str = "/pause";
+static DIR_OPT: &str = "/opt";
 static DIR_PROC: &str = "/proc";
 static DIR_RUN: &str = "/run";
 static DIR_CGROUP: &str = "/sys/fs/cgroup";
@@ -460,6 +461,7 @@ impl Settings {
 DIR_LIB.to_string(),
 DIR_LIB64.to_string(),
 PAUSE.to_string(),
+ DIR_OPT.to_string(),
 DIR_PROC.to_string(),
 DIR_RUN.to_string(),
 DIR_CGROUP.to_string(),
@@ -494,6 +496,7 @@ impl Settings {
 DIR_LIB.to_string(),
 DIR_LIB64.to_string(),
 PAUSE.to_string(),
+ DIR_OPT.to_string(),
 DIR_PROC.to_string(),
 DIR_RUN.to_string(),
 DIR_CGROUP.to_string(),
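Review bot: Adding `"/opt"` to `allowed_paths_access_restricted` (and, in the next hunk, to `allowed_paths_access_baseline`) widens the policy for every container at those levels, while the stated need is the entrypoint and cmd scripts of one image family. If these entries are matched as path prefixes, which the hunks do not show, the whole `/opt` tree becomes reachable under the restricted level as well; it is worth deciding whether restricted really needs it or whether a narrower entry for the image's install directory, or baseline only, would do. The lists carry no rationale for the entry, so a comment such as `# /opt: entrypoint/cmd scripts of images that install under /opt` above it would keep the reason next to the policy. Both arrays start and end outside their hunks.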
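Review bot: The built-in defaults in `impl Settings` (hunks at new lines 461 and 496) now repeat by hand the same `/opt` entry that this patch adds to `contrib/etc/lockc/lockc.toml`, and nothing visible keeps the two in agreement. The enclosing functions start and end outside the hunks, so which default lists these are cannot be read here; presumably they are the restricted and baseline access lists, which is worth confirming so that `/opt` is not added to a mount allowlist by mistake. A unit test comparing the parsed shipped config with the `Settings` defaults would catch drift between them. As a smaller point, `DIR_OPT.to_string(),` sits after `PAUSE.to_string(),` here while the TOML places `"/opt"` before `"/pause"`; using one order in both makes the lists easier to diff.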