From 96bc57d5f57da368c76b5f5c4a77081e681bd13f Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 7 Jan 2022 14:37:48 +0100
Subject: [PATCH] rework AT_FDCWD handling

this one's negative, actually

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
 src/lxcseccomp.rs | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/lxcseccomp.rs b/src/lxcseccomp.rs
index 273f3c9..7ba4f32 100644
--- a/src/lxcseccomp.rs
+++ b/src/lxcseccomp.rs
@@ -398,13 +398,13 @@ impl ProxyMessageBuffer {
     #[inline]
     pub fn arg_fd(&self, arg: u32, flags: c_int) -> Result<Fd, Error> {
         let fd = self.arg(arg)? as RawFd;
-        if fd < 0 {
-            // we pass those "as-is' to syscalls.
-            return Ok(Fd(fd));
-        }
-        // otherwise we'll open them from the process:
+        // we pass negative ones 'as-is', others get opened via the pidfd
         if fd == libc::AT_FDCWD {
+            // NOTE: we could pass this one through, but let's be explicit here, in the future we
+            // might want to reuse this one?
             Ok(self.pid_fd().fd_cwd()?)
+        } else if fd < 0 {
+            return Ok(Fd(fd));
         } else {
             Ok(self.pid_fd().fd_num(fd, flags)?)
         }
-- 
2.39.2