ensure write is actually read inclusive

2025-11-02 23:44:55 +11:00 · 2025-11-02 23:44:55 +11:00 · 36d52304cb
commit 36d52304cb
parent 861de08a9b
1 changed files with 10 additions and 4 deletions
--- a/src/main.rs
+++ b/src/main.rs
@ -96,10 +96,16 @@ examples
    };
    let mut ruleset = preempt.create().context("creating ruleset")?;
    for (perms, paths) in opts.fs {
-        let mut access = match perms.base {
-            BasePermission::Unset => BitFlags::empty(),
-            BasePermission::Read => AccessFs::from_read(ABI::V6),
-            BasePermission::Write => AccessFs::from_write(ABI::V6),
+        let mut access = BitFlags::empty();
+        match perms.base {
+            BasePermission::Unset => {}
+            BasePermission::Read => {
+                access = AccessFs::from_read(ABI::V6);
+            }
+            BasePermission::Write => {
+                access = AccessFs::from_write(ABI::V6);
+                access.insert(AccessFs::from_read(ABI::V6));
+            }
        };
        if perms.ioctl {
            access.insert(make_bitflags!(AccessFs::IoctlDev));