2 files changed, 8 insertions, 3 deletions

diff --git a/src/user/lib/fs/misc.c b/src/user/lib/fs/misc.c
index f660f6f..860b312 100644
--- a/src/user/lib/fs/misc.c
+++ b/src/user/lib/fs/misc.c
@@ -135,7 +135,7 @@ void fs_union(const char **list) {
 				size_t prefixlen = strlen(prefix);
 				// TODO only open the directories once
 				// TODO ensure trailing slash
-				handle_t h = _syscall_open(prefix, prefixlen, 0);
+				handle_t h = _syscall_open(prefix, prefixlen, OPEN_READ);
 				if (h < 0) continue;
 				end = end || dir_append_from(&db, h);
 				_syscall_close(h);
diff --git a/src/user/lib/fs/whitelist.c b/src/user/lib/fs/whitelist.c
index 676b36f..571ebfb 100644
--- a/src/user/lib/fs/whitelist.c
+++ b/src/user/lib/fs/whitelist.c
@@ -1,5 +1,6 @@
 #include <camellia/flags.h>
 #include <camellia/syscalls.h>
+#include <errno.h>
 #include <stdlib.h>
 #include <string.h>
 #include <user/lib/fs/dir.h>
@@ -49,6 +50,7 @@ void fs_whitelist(const char **whitelist) {
 
 		switch (res.op) {
 			case VFSOP_OPEN: {
+				bool error = false;
 				bool passthru = false;
 				bool inject = false;
 
@@ -57,8 +59,9 @@ void fs_whitelist(const char **whitelist) {
 					size_t entry_len = suffix_parse(*entry, strlen(*entry), &ro);
 					/* If *entry is a prefix of the opened path, pass the open() through. */
 					if (prefix_match(*entry, entry_len, buf, res.len)) {
-						if (ro) res.flags |= OPEN_RO;
 						passthru = true;
+						if (ro && OPEN_WRITEABLE(res.flags))
+							error = true;
 						break;
 					}
 					/* If the path is a prefix of *entry, we might need to inject a directory. */
@@ -66,7 +69,9 @@ void fs_whitelist(const char **whitelist) {
 						inject = true;
 					}
 				}
-				if (passthru) {
+				if (error) {
+					_syscall_fs_respond(reqh, NULL, -EACCES, 0);
+				} else if (passthru) {
 					forward_open(reqh, buf, res.len, res.flags);
 				} else if (inject) {
 					// TODO all the inject points could be precomputed