summaryrefslogtreecommitdiffstats
path: root/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
blob: 14f0ce9cd9876f0e42a1b78c29a75a102023e7f7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
From 193d42c8312cb8b189745696065b3aa5bbcc6968 Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe.macdonald@windriver.com>
Date: Tue, 15 Oct 2013 10:07:43 -0400
Subject: [PATCH 1/3] libselinux: make SOCK_CLOEXEC optional

libselinux/src/setrans_client.c checks for the existence of SOCK_CLOEXEC
before using it, however libselinux/src/avc_internal.c does not.  Since
SOCK_CLOEXEC suffers the same problem as O_CLOEXEC on some older
platforms, we need to ensure we protect the references it it in the same
way.

Uptream-Status: Inappropriate

Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
---
 libselinux/src/avc_internal.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/avc_internal.c b/libselinux/src/avc_internal.c
index f735e73..eb0599a 100644
--- a/src/avc_internal.c
+++ b/src/avc_internal.c
@@ -60,7 +60,13 @@ int avc_netlink_open(int blocking)
 	int len, rc = 0;
 	struct sockaddr_nl addr;
 
-	fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_SELINUX);
+	fd = socket(PF_NETLINK, SOCK_RAW
+#ifdef SOCK_CLOEXEC
+               | SOCK_CLOEXEC
+#else
+#warning SOCK_CLOEXEC undefined on this platform, this may leak file descriptors
+#endif
+               , NETLINK_SELINUX);
 	if (fd < 0) {
 		rc = fd;
 		goto out;
-- 
1.7.10.4