diff options
| author | Yi Zhao <yi.zhao@windriver.com> | 2021-03-13 13:50:31 +0800 |
|---|---|---|
| committer | Joe MacDonald <joe@deserted.net> | 2021-03-17 09:39:50 -0400 |
| commit | b78b413a24cf97f5ebda73bcf36fcb15ffbe1abf (patch) | |
| tree | a94331d8e45daadf00799dabee73a0c6f6ce2c66 /recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch | |
| parent | d10900fc87b7ac7758b15b275659b8a6e1042397 (diff) | |
| download | meta-selinux-b78b413a24cf97f5ebda73bcf36fcb15ffbe1abf.tar.gz | |
libselinux: update to 3.2
* Merge inc file into bb file.
* Drop obsolete patches:
0001-libselinux-do-not-define-gettid-for-musl.patch
libselinux-define-FD_CLOEXEC-as-necessary.patch
libselinux-make-O_CLOEXEC-optional.patch
libselinux-make-SOCK_CLOEXEC-optional.patch
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
Diffstat (limited to 'recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch')
| -rw-r--r-- | recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch | 38 |
1 files changed, 0 insertions, 38 deletions
diff --git a/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch deleted file mode 100644 index 77a9136..0000000 --- a/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch +++ /dev/null | |||
| @@ -1,38 +0,0 @@ | |||
| 1 | From e630805d15a3b8d09330353f87a7e4a9fcc9998a Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Joe MacDonald <joe.macdonald@windriver.com> | ||
| 3 | Date: Tue, 15 Oct 2013 10:07:43 -0400 | ||
| 4 | Subject: [PATCH] libselinux: make SOCK_CLOEXEC optional | ||
| 5 | |||
| 6 | libselinux/src/setrans_client.c checks for the existence of SOCK_CLOEXEC | ||
| 7 | before using it, however libselinux/src/avc_internal.c does not. Since | ||
| 8 | SOCK_CLOEXEC suffers the same problem as O_CLOEXEC on some older | ||
| 9 | platforms, we need to ensure we protect the references it it in the same | ||
| 10 | way. | ||
| 11 | |||
| 12 | Upstream-Status: Inappropriate | ||
| 13 | |||
| 14 | Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com> | ||
| 15 | |||
| 16 | --- | ||
| 17 | src/avc_internal.c | 8 +++++++- | ||
| 18 | 1 file changed, 7 insertions(+), 1 deletion(-) | ||
| 19 | |||
| 20 | diff --git a/src/avc_internal.c b/src/avc_internal.c | ||
| 21 | index 49cecc9..148cc83 100644 | ||
| 22 | --- a/src/avc_internal.c | ||
| 23 | +++ b/src/avc_internal.c | ||
| 24 | @@ -60,7 +60,13 @@ int avc_netlink_open(int blocking) | ||
| 25 | int len, rc = 0; | ||
| 26 | struct sockaddr_nl addr; | ||
| 27 | |||
| 28 | - fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_SELINUX); | ||
| 29 | + fd = socket(PF_NETLINK, SOCK_RAW | ||
| 30 | +#ifdef SOCK_CLOEXEC | ||
| 31 | + | SOCK_CLOEXEC | ||
| 32 | +#else | ||
| 33 | +#warning SOCK_CLOEXEC undefined on this platform, this may leak file descriptors | ||
| 34 | +#endif | ||
| 35 | + , NETLINK_SELINUX); | ||
| 36 | if (fd < 0) { | ||
| 37 | rc = fd; | ||
| 38 | goto out; | ||