From 36d52304cbb99a77eb807e26b67d348f69be1d41 Mon Sep 17 00:00:00 2001
From: atagen <boss@atagen.co>
Date: Sun, 2 Nov 2025 23:44:55 +1100
Subject: [PATCH] ensure write is actually read inclusive

---
 src/main.rs | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/main.rs b/src/main.rs
index f315ec4..1249f2f 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -96,10 +96,16 @@ examples
     };
     let mut ruleset = preempt.create().context("creating ruleset")?;
     for (perms, paths) in opts.fs {
-        let mut access = match perms.base {
-            BasePermission::Unset => BitFlags::empty(),
-            BasePermission::Read => AccessFs::from_read(ABI::V6),
-            BasePermission::Write => AccessFs::from_write(ABI::V6),
+        let mut access = BitFlags::empty();
+        match perms.base {
+            BasePermission::Unset => {}
+            BasePermission::Read => {
+                access = AccessFs::from_read(ABI::V6);
+            }
+            BasePermission::Write => {
+                access = AccessFs::from_write(ABI::V6);
+                access.insert(AccessFs::from_read(ABI::V6));
+            }
         };
         if perms.ioctl {
             access.insert(make_bitflags!(AccessFs::IoctlDev));