The Samba-Bugzilla – Attachment 13378 Details for
Bug 12898
fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch for 4.6 and 4.7.
0001-ctdb-common-Set-close-on-exec-when-creating-PID-file.patch (text/plain), 1.13 KB, created by
Martin Schwenke
on 2017-07-14 01:27:04 UTC
(
hide
)
Description:
Patch for 4.6 and 4.7.
Filename:
MIME Type:
Creator:
Martin Schwenke
Created:
2017-07-14 01:27:04 UTC
Size:
1.13 KB
patch
obsolete
>From 31dfe6d4497fd39d08cc29497624f368190d74c6 Mon Sep 17 00:00:00 2001 >From: Martin Schwenke <martin@meltin.net> >Date: Wed, 12 Jul 2017 13:41:17 +1000 >Subject: [PATCH] ctdb-common: Set close-on-exec when creating PID file > >Otherwise, for example, the file descriptor for the main PID file will >leak all the way down to event scripts. > >BUG: https://bugzilla.samba.org/show_bug.cgi?id=12898 > >Signed-off-by: Martin Schwenke <martin@meltin.net> >Reviewed-by: Amitay Isaacs <amitay@gmail.com> >(cherry picked from commit 3e85cbfd7541d8f30ce1f3244ebcc44332b394fe) >--- > ctdb/common/pidfile.c | 8 ++++++++ > 1 file changed, 8 insertions(+) > >diff --git a/ctdb/common/pidfile.c b/ctdb/common/pidfile.c >index b3f29e3f07d..51c0c25c92e 100644 >--- a/ctdb/common/pidfile.c >+++ b/ctdb/common/pidfile.c >@@ -22,6 +22,8 @@ > > #include <talloc.h> > >+#include "lib/util/blocking.h" >+ > #include "common/pidfile.h" > > struct pidfile_context { >@@ -61,6 +63,12 @@ int pidfile_create(TALLOC_CTX *mem_ctx, const char *pidfile, > goto fail; > } > >+ if (! set_close_on_exec(fd)) { >+ close(fd); >+ ret = EIO; >+ goto fail; >+ } >+ > pid_ctx->fd = fd; > > lck = (struct flock) { >-- >2.13.2 >
You cannot view the attachment while viewing its details because your browser does not support IFRAMEs.
View the attachment on a separate page
.
View Attachment As Raw
Actions:
View
Attachments on
bug 12898
:
13378
|
13379
|
13380