From 56f627caf0f8990faed67dcadbf6d8ef1ddd7e2d Mon Sep 17 00:00:00 2001
From: Daniel Walsh <dwalsh@redhat.com>
Date: Fri, 13 Jun 2008 08:14:39 +0100
Subject: [PATCH 03/48] don't leak file descriptor on umount
I think this is a leaked file descriptor from hal. Hal opens the lock
file for write and then fails to call fcntl(fd, F_SETFD, FD_CLOEXEC).
When the confined mount program runs, the SELinux kernel notices the open file
descriptor, checks the domain to see if it has access, then closes it with the
error.
---
tools/hal-storage-shared.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)
diff --git a/tools/hal-storage-shared.c b/tools/hal-storage-shared.c
index b10be10..422f00e 100644
--- a/tools/hal-storage-shared.c
+++ b/tools/hal-storage-shared.c
@@ -706,6 +706,8 @@ lock_hal_mtab (void)
if (lock_mtab_fd < 0)
return FALSE;
+ fcntl(lock_mtab_fd, F_SETFD, FD_CLOEXEC);
+
tryagain:
#if sun
if (lockf (lock_mtab_fd, F_LOCK, 0) != 0) {
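Review bot: The fcntl() call added right after the `lock_mtab_fd < 0` check ignores its return value, so if setting FD_CLOEXEC fails, the lock descriptor is still inherited by the confined mount program and the leak goes unnoticed. Check the result, for example `if (fcntl (lock_mtab_fd, F_SETFD, FD_CLOEXEC) < 0)`, and at least log the failure before continuing to `tryagain:`. The call also omits the space before the parenthesis that the neighbouring `lockf (...)` line uses. Because the flag is set in a separate step after the descriptor already exists, a fork/exec that happens between the two steps can still inherit it; if the open call (not shown in this hunk) can take O_CLOEXEC on the target platforms, setting it there would close that window.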
--
1.6.1.2