From mboxrd@z Thu Jan 1 00:00:00 1970 From: Harald Hoyer Date: Mon, 20 Sep 2004 14:08:23 +0000 Subject: PATCH udev close on exec Message-Id: <414EE457.40006@redhat.com> MIME-Version: 1 Content-Type: multipart/mixed; boundary="------------000802080704000407000809" List-Id: To: linux-hotplug@vger.kernel.org This is a multi-part message in MIME format. --------------000802080704000407000809 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit selinux wants a clean fd set, so better close all open fds --------------000802080704000407000809 Content-Type: text/plain; name="udev-030-cloexec.patch" Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="udev-030-cloexec.patch"
--- udev-032/udevd.c.cloexec 2004-09-20 16:01:57.902138264 +0200
+++ udev-032/udevd.c 2004-09-20 16:01:57.910137048 +0200
@@ -478,6 +478,8 @@
 exit(1);
 }
+ set_cloexec_flag(ssock, 1);
+
 /* the bind takes care of ensuring only one copy running */
 retval = bind(ssock, (struct sockaddr *) &saddr, addrlen);
 if (retval < 0) {
--- udev-032/namedev.c.cloexec 2004-09-20 16:01:57.901138416 +0200
+++ udev-032/namedev.c 2004-09-20 16:01:57.911136896 +0200
@@ -454,10 +454,8 @@
 switch(pid) {
 case 0:
 /* child */
- close(STDOUT_FILENO);
-
- /* dup write side of pipe to STDOUT */
- dup(fds[1]);
+ /* dup2 write side of pipe to STDOUT */
+ dup2(fds[1], STDOUT_FILENO);
 if (argv[0] != NULL) {
 dbg("execute '%s' with given arguments", argv[0]);
 retval = execv(argv[0], argv);
--- udev-032/tdb/tdb.c.cloexec 2004-09-14 07:55:37.000000000 +0200
+++ udev-032/tdb/tdb.c 2004-09-20 16:01:57.912136744 +0200
@@ -65,6 +65,7 @@
 #include
 #include "tdb.h"
 #include "spinlock.h"
+#include "../udev_lib.h"
 #else
 #include "includes.h"
 #endif
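Review bot: The result of `set_cloexec_flag(ssock, 1);` in the udevd.c hunk is discarded, so if either fcntl() call inside the helper fails, the daemon continues with a socket that every program it later execs will still inherit, which is the leak this patch is meant to close. Check the result and at least log it, for example `if (set_cloexec_flag(ssock, 1) < 0) dbg("could not set close-on-exec on ssock");`. The same unchecked call appears in the tdb.c hunk (on `tdb->fd`) and in the udevsend.c hunk (on `sock`). The enclosing function starts and ends outside this hunk.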
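Review bot: In the namedev.c hunk the child still holds both pipe descriptors when it reaches `execv(argv[0], argv)`; after `dup2(fds[1], STDOUT_FILENO);` the visible lines neither close `fds[0]` and `fds[1]` nor mark them close-on-exec, so the executed program inherits the read end and a second copy of the write end. Add `close(fds[0]); close(fds[1]);` directly after the dup2, skipping the second close if `fds[1]` could already equal STDOUT_FILENO. The dup2 result is also unchecked, so a failure lets the program run with the parent's stdout; `if (dup2(fds[1], STDOUT_FILENO) < 0) exit(1);` would stop that. The pipe setup and the rest of the switch lie outside the hunk, so confirm the descriptors are not already handled there.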
@@ -1736,6 +1737,12 @@
 goto fail; /* errno set by open(2) */
 }
+ /*
+ Close file when execing another process.
+ Prevents SELinux access errors.
+ */
+ set_cloexec_flag(tdb->fd, 1);
+
 /* ensure there is only one process initialising at once */
 if (tdb_brlock(tdb, GLOBAL_LOCK, F_WRLCK, F_SETLKW, 0) == -1) {
 TDB_LOG((tdb, 0, "tdb_open_ex: failed to get global lock on %s: %s\n",
--- udev-032/dev_d.c.cloexec 2004-09-20 16:01:57.907137504 +0200
+++ udev-032/dev_d.c 2004-09-20 16:02:44.062120880 +0200
@@ -23,9 +23,13 @@
 #include
 #include
 #include
+#include
 #include
+#include
+
 #include "udev.h"
 #include "udev_lib.h"
+#include "udevdb.h"
 #include "logging.h"
 #define DEVD_DIR "/etc/dev.d/"
@@ -34,6 +38,7 @@
 static int run_program(char *name)
 {
 pid_t pid;
+ int fd;
 dbg("running %s", name);
@@ -41,6 +46,14 @@
 switch (pid) {
 case 0:
 /* child */
+ udevdb_exit(); /* close udevdb */
+ fd = open("/dev/null", O_RDWR);
+ if ( fd >= 0) {
+ dup2(fd, STDOUT_FILENO);
+ dup2(fd, STDIN_FILENO);
+ dup2(fd, STDERR_FILENO);
+ }
+ close(fd);
 execv(name, main_argv);
 dbg("exec of child failed");
 exit(1);
--- udev-032/udev_lib.h.cloexec 2004-09-14 07:55:34.000000000 +0200
+++ udev-032/udev_lib.h 2004-09-20 16:01:57.914136440 +0200
@@ -84,6 +84,6 @@
 extern void leading_slash(char *path);
 extern void no_leading_slash(char *path);
 extern int call_foreach_file(int fnct(char *f) , char *filename, char *extension);
-
+extern int set_cloexec_flag (int desc, int value);
 #endif
--- udev-032/udev_lib.c.cloexec 2004-09-14 07:55:37.000000000 +0200
+++ udev-032/udev_lib.c 2004-09-20 16:01:57.914136440 +0200
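Review bot: In the child branch of run_program in dev_d.c, `close(fd);` sits outside the `if ( fd >= 0)` block and runs unconditionally. When open() fails it is called with -1. When the process was started with a standard descriptor already closed, open() can return 0, 1 or 2; the dup2 onto that same number is then a no-op and the close removes a descriptor that was just set up for the child. Move the close into the block and restrict it to descriptors above the standard range: `if (fd > STDERR_FILENO) close(fd);`. If /dev/null cannot be opened the child still execs with the inherited stdio, so a `dbg()` on that path would make the fallback visible. run_program continues outside the hunk.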
@@ -255,3 +255,22 @@
 closedir(dir);
 return 0;
 }
+
+/* Set the FD_CLOEXEC flag of desc if value is nonzero,
+ or clear the flag if value is 0.
+ Return 0 on success, or -1 on error with errno set. */
+
+int set_cloexec_flag (int desc, int value)
+{
+ int oldflags = fcntl (desc, F_GETFD, 0);
+ /* If reading the flags failed, return error indication now. */
+ if (oldflags < 0)
+ return oldflags;
+ /* Set just the flag we want to set. */
+ if (value != 0)
+ oldflags |= FD_CLOEXEC;
+ else
+ oldflags &= ~FD_CLOEXEC;
+ /* Store modified flag word in the descriptor. */
+ return fcntl (desc, F_SETFD, oldflags);
+}
--- udev-032/udevsend.c.cloexec 2004-09-14 07:55:32.000000000 +0200
+++ udev-032/udevsend.c 2004-09-20 16:01:57.915136288 +0200
@@ -171,6 +171,8 @@
 goto fallback;
 }
+ set_cloexec_flag(sock, 1);
+
 memset(&saddr, 0x00, sizeof(struct sockaddr_un));
 saddr.sun_family = AF_LOCAL;
 /* use abstract namespace for socket path */
--------------000802080704000407000809-- ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ Linux-hotplug-devel mailing list http://linux-hotplug.sourceforge.net Linux-hotplug-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/linux-hotplug-devel