From: Harald Hoyer <harald@redhat.com>
To: linux-hotplug@vger.kernel.org
Subject: PATCH udev close on exec
Date: Mon, 20 Sep 2004 14:08:23 +0000 [thread overview]
Message-ID: <414EE457.40006@redhat.com> (raw)
[-- Attachment #1: Type: text/plain, Size: 59 bytes --]
SELinux wants a clean fd set, so it is better to close all open fds on exec.
[-- Attachment #2: udev-030-cloexec.patch --]
[-- Type: text/plain, Size: 3776 bytes --]
--- udev-032/udevd.c.cloexec 2004-09-20 16:01:57.902138264 +0200
+++ udev-032/udevd.c 2004-09-20 16:01:57.910137048 +0200
@@ -478,6 +478,8 @@
exit(1);
}
+ set_cloexec_flag(ssock, 1);
+
/* the bind takes care of ensuring only one copy running */
retval = bind(ssock, (struct sockaddr *) &saddr, addrlen);
if (retval < 0) {
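Review bot: The result of `set_cloexec_flag(ssock, 1)` is discarded, so if either fcntl() call inside the helper fails, the socket stays inheritable across exec and nothing is logged. The helper added in udev_lib.c returns -1 with errno set, so the call site can check it, e.g. `if (set_cloexec_flag(ssock, 1) < 0) dbg("set_cloexec_flag failed: %s", strerror(errno));` (assuming dbg() is available in udevd.c as it is in the other files). The same unchecked call appears in the tdb.c hunk on `tdb->fd` and in the udevsend.c hunk on `sock`. The enclosing function starts and ends outside this hunk.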
--- udev-032/namedev.c.cloexec 2004-09-20 16:01:57.901138416 +0200
+++ udev-032/namedev.c 2004-09-20 16:01:57.911136896 +0200
@@ -454,10 +454,8 @@
switch(pid) {
case 0:
/* child */
- close(STDOUT_FILENO);
-
- /* dup write side of pipe to STDOUT */
- dup(fds[1]);
+ /* dup2 write side of pipe to STDOUT */
+ dup2(fds[1], STDOUT_FILENO);
if (argv[0] != NULL) {
dbg("execute '%s' with given arguments", argv[0]);
retval = execv(argv[0], argv);
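Review bot: After `dup2(fds[1], STDOUT_FILENO)` both pipe descriptors are still open in the child as far as this hunk shows, so the program started by execv() inherits `fds[0]` and `fds[1]` in addition to its stdout, which is the kind of stray descriptor this patch sets out to remove. Closing them right after the dup2, `close(fds[0]); close(fds[1]);`, or marking both with `set_cloexec_flag()` where the pipe is created, would keep the child's fd set clean. The dup2() result is also unchecked, so on failure the child would exec with the parent's stdout. The switch continues outside the hunk, so a close further down cannot be ruled out from here.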
--- udev-032/tdb/tdb.c.cloexec 2004-09-14 07:55:37.000000000 +0200
+++ udev-032/tdb/tdb.c 2004-09-20 16:01:57.912136744 +0200
@@ -65,6 +65,7 @@
#include <signal.h>
#include "tdb.h"
#include "spinlock.h"
+#include "../udev_lib.h"
#else
#include "includes.h"
#endif
@@ -1736,6 +1737,12 @@
goto fail; /* errno set by open(2) */
}
+ /*
+ Close file when execing another process.
+ Prevents SELinux access errors.
+ */
+ set_cloexec_flag(tdb->fd, 1);
+
/* ensure there is only one process initialising at once */
if (tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0) == -1) {
TDB_LOG((tdb, 0, "tdb_open_ex: failed to get global lock on %s: %s\n",
--- udev-032/dev_d.c.cloexec 2004-09-20 16:01:57.907137504 +0200
+++ udev-032/dev_d.c 2004-09-20 16:02:44.062120880 +0200
@@ -23,9 +23,13 @@
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <sys/stat.h>
#include <unistd.h>
+#include <fcntl.h>
+
#include "udev.h"
#include "udev_lib.h"
+#include "udevdb.h"
#include "logging.h"
#define DEVD_DIR "/etc/dev.d/"
@@ -34,6 +38,7 @@
static int run_program(char *name)
{
pid_t pid;
+ int fd;
dbg("running %s", name);
@@ -41,6 +46,14 @@
switch (pid) {
case 0:
/* child */
+ udevdb_exit(); /* close udevdb */
+ fd = open("/dev/null", O_RDWR);
+ if ( fd >= 0) {
+ dup2(fd, STDOUT_FILENO);
+ dup2(fd, STDIN_FILENO);
+ dup2(fd, STDERR_FILENO);
+ }
+ close(fd);
execv(name, main_argv);
dbg("exec of child failed");
exit(1);
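Review bot: `close(fd)` runs unconditionally, so it is called with -1 when open() fails. More importantly, if the parent was started with a standard descriptor closed, open() can return 0, 1 or 2, and the close then undoes the redirection that was just set up. Move it inside the `if` block and guard it: `if (fd > STDERR_FILENO) close(fd);`. The three dup2() results are unchecked as well. run_program() starts in the previous hunk and continues past this one.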
--- udev-032/udev_lib.h.cloexec 2004-09-14 07:55:34.000000000 +0200
+++ udev-032/udev_lib.h 2004-09-20 16:01:57.914136440 +0200
@@ -84,6 +84,6 @@
extern void leading_slash(char *path);
extern void no_leading_slash(char *path);
extern int call_foreach_file(int fnct(char *f) , char *filename, char *extension);
-
+extern int set_cloexec_flag (int desc, int value);
#endif
--- udev-032/udev_lib.c.cloexec 2004-09-14 07:55:37.000000000 +0200
+++ udev-032/udev_lib.c 2004-09-20 16:01:57.914136440 +0200
@@ -255,3 +255,22 @@
closedir(dir);
return 0;
}
+
+/* Set the FD_CLOEXEC flag of desc if value is nonzero,
+ or clear the flag if value is 0.
+ Return 0 on success, or -1 on error with errno set. */
+
+int set_cloexec_flag (int desc, int value)
+{
+ int oldflags = fcntl (desc, F_GETFD, 0);
+ /* If reading the flags failed, return error indication now. */
+ if (oldflags < 0)
+ return oldflags;
+ /* Set just the flag we want to set. */
+ if (value != 0)
+ oldflags |= FD_CLOEXEC;
+ else
+ oldflags &= ~FD_CLOEXEC;
+ /* Store modified flag word in the descriptor. */
+ return fcntl (desc, F_SETFD, oldflags);
+}
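Review bot: `set_cloexec_flag (int desc, int value)` and the `fcntl (...)` calls put a space before the parenthesis, while the udev code visible elsewhere in this patch (`bind(ssock, ...)`, `leading_slash(char *path)`) does not. The prototype added to udev_lib.h has the same spacing, and that hunk also drops the blank line before `#endif`. Writing it as `int set_cloexec_flag(int desc, int value)` would match the surrounding style. The header comment could also add one sentence saying the flag only covers the descriptor passed in, so any descriptor opened later needs its own call before an exec.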
--- udev-032/udevsend.c.cloexec 2004-09-14 07:55:32.000000000 +0200
+++ udev-032/udevsend.c 2004-09-20 16:01:57.915136288 +0200
@@ -171,6 +171,8 @@
goto fallback;
}
+ set_cloexec_flag(sock, 1);
+
memset(&saddr, 0x00, sizeof(struct sockaddr_un));
saddr.sun_family = AF_LOCAL;
/* use abstract namespace for socket path */