From 56f627caf0f8990faed67dcadbf6d8ef1ddd7e2d Mon Sep 17 00:00:00 2001
From: Daniel Walsh <dwalsh@redhat.com>
Date: Fri, 13 Jun 2008 08:14:39 +0100
Subject: [PATCH 03/48] don't leak file descriptor on umount

I think this is a leaked file descriptor from hal.  Hal opens the lock
file for write and then fails to call fcntl(fd,F_SETFD, FD_CLOSEXEC)

When the confined mount program runs, the SELinux kernel notices the open file
descriptor, checks the domain to see if it has access, then closes it with the
error.
---
 tools/hal-storage-shared.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/tools/hal-storage-shared.c b/tools/hal-storage-shared.c
index b10be10..422f00e 100644
--- a/tools/hal-storage-shared.c
+++ b/tools/hal-storage-shared.c
@@ -706,6 +706,8 @@ lock_hal_mtab (void)
 	if (lock_mtab_fd < 0)
 		return FALSE;
 
+	fcntl(lock_mtab_fd, F_SETFD, FD_CLOEXEC);
+
 tryagain:
 #if sun
 	if (lockf (lock_mtab_fd, F_LOCK, 0) != 0) {
-- 
1.6.1.2