diff options
| author | Joe MacDonald <joe.macdonald@windriver.com> | 2013-10-15 10:27:27 -0400 |
|---|---|---|
| committer | Mark Hatle <mark.hatle@windriver.com> | 2013-11-14 19:28:12 +0000 |
| commit | 0e405f98266b48969c2173d032878cc6b2893fcb (patch) | |
| tree | d6f0c97e571acb7a2525f80c50d0b86e718cc7a0 /recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch | |
| parent | 7b142317419beb97f4815159177a3dd96c76c282 (diff) | |
| download | meta-selinux-0e405f98266b48969c2173d032878cc6b2893fcb.tar.gz | |
libselinux / libsemanage: work around FD_CLOEXEC and SOCK_CLOEXEC absence
[ CQID: WIND00438478 ]
[ CQID: WIND00439485 ]
Turns out some of the truly old hosts don't even really recognize
FD_CLOEXEC and most of the older ones don't know about SOCK_CLOEXEC. Work
around each (define FD_CLOEXEC to something sensible, simply don't use
SOCK_CLOEXEC, produce warnings in either event).
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Mark Hatle <mark.hatle@windriver.com>
Diffstat (limited to 'recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch')
| -rw-r--r-- | recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch new file mode 100644 index 0000000..14f0ce9 --- /dev/null +++ b/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | From 193d42c8312cb8b189745696065b3aa5bbcc6968 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Joe MacDonald <joe.macdonald@windriver.com> | ||
| 3 | Date: Tue, 15 Oct 2013 10:07:43 -0400 | ||
| 4 | Subject: [PATCH 1/3] libselinux: make SOCK_CLOEXEC optional | ||
| 5 | |||
| 6 | libselinux/src/setrans_client.c checks for the existence of SOCK_CLOEXEC | ||
| 7 | before using it, however libselinux/src/avc_internal.c does not. Since | ||
| 8 | SOCK_CLOEXEC suffers the same problem as O_CLOEXEC on some older | ||
| 9 | platforms, we need to ensure we protect the references it it in the same | ||
| 10 | way. | ||
| 11 | |||
| 12 | Uptream-Status: Inappropriate | ||
| 13 | |||
| 14 | Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com> | ||
| 15 | --- | ||
| 16 | libselinux/src/avc_internal.c | 8 +++++++- | ||
| 17 | 1 file changed, 7 insertions(+), 1 deletion(-) | ||
| 18 | |||
| 19 | diff --git a/src/avc_internal.c b/libselinux/src/avc_internal.c | ||
| 20 | index f735e73..eb0599a 100644 | ||
| 21 | --- a/src/avc_internal.c | ||
| 22 | +++ b/src/avc_internal.c | ||
| 23 | @@ -60,7 +60,13 @@ int avc_netlink_open(int blocking) | ||
| 24 | int len, rc = 0; | ||
| 25 | struct sockaddr_nl addr; | ||
| 26 | |||
| 27 | - fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_SELINUX); | ||
| 28 | + fd = socket(PF_NETLINK, SOCK_RAW | ||
| 29 | +#ifdef SOCK_CLOEXEC | ||
| 30 | + | SOCK_CLOEXEC | ||
| 31 | +#else | ||
| 32 | +#warning SOCK_CLOEXEC undefined on this platform, this may leak file descriptors | ||
| 33 | +#endif | ||
| 34 | + , NETLINK_SELINUX); | ||
| 35 | if (fd < 0) { | ||
| 36 | rc = fd; | ||
| 37 | goto out; | ||
| 38 | -- | ||
| 39 | 1.7.10.4 | ||
| 40 | |||