From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43) id 1HOcXc-0007cb-UF for qemu-devel@nongnu.org; Tue, 06 Mar 2007 11:29:32 -0500 Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43) id 1HOcXN-0007c5-SF for qemu-devel@nongnu.org; Tue, 06 Mar 2007 11:29:31 -0500 Received: from [199.232.76.173] (helo=monty-python.gnu.org) by lists.gnu.org with esmtp (Exim 4.43) id 1HOcXN-0007c2-Kw for qemu-devel@nongnu.org; Tue, 06 Mar 2007 11:29:17 -0500 Received: from mx1.redhat.com ([66.187.233.31]) by monty-python.gnu.org with esmtp (Exim 4.52) id 1HOcXL-0000x1-3B for qemu-devel@nongnu.org; Tue, 06 Mar 2007 11:29:16 -0500 Received: from int-mx1.corp.redhat.com (int-mx1.corp.redhat.com [172.16.52.254]) by mx1.redhat.com (8.13.1/8.13.1) with ESMTP id l26GSiIs028883 for ; Tue, 6 Mar 2007 11:28:44 -0500 Received: from file.surrey.redhat.com (file.surrey.redhat.com [172.16.10.4]) by int-mx1.corp.redhat.com (8.13.1/8.13.1) with ESMTP id l26GSh24012763 for ; Tue, 6 Mar 2007 11:28:44 -0500 Received: (from berrange@localhost) by file.surrey.redhat.com (8.13.1/8.13.1/Submit) id l26GShXV030221 for qemu-devel@nongnu.org; Tue, 6 Mar 2007 16:28:43 GMT Date: Tue, 6 Mar 2007 16:28:43 +0000 From: "Daniel P. Berrange" Message-ID: <20070306162843.GG29872@redhat.com> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="ReaqsoxgOBHFXBhH" Content-Disposition: inline Subject: [Qemu-devel] PATCH: Close file descriptors when execing network tap setup script Reply-To: "Daniel P. Berrange" , qemu-devel@nongnu.org List-Id: qemu-devel.nongnu.org List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: qemu-devel@nongnu.org --ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In the VM initialization, the files corresponding to the virtual disks are opened before the networking is setup. So when the time comes to run the network tap setup script the QEMU process has a bunch of open file handles which are leaked to the networking script. Some of the commands run by the networking script may well be executing under a confined SELinux domain so this leak of file handles triggers security audit alerts / denials. The attached patch explicitly closes all file handles prior to execing the network script, except for STDIN/OUT/ERR and the TAP file handle itself. Regards, Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=| --ReaqsoxgOBHFXBhH Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="qemu-close-fds.patch" Index: vl.c =================================================================== RCS file: /sources/qemu/qemu/vl.c,v retrieving revision 1.260 diff -u -p -r1.260 vl.c --- vl.c 28 Feb 2007 21:59:44 -0000 1.260 +++ vl.c 6 Mar 2007 16:23:26 -0000 @@ -3620,6 +3620,14 @@ static int net_tap_init(VLANState *vlan, pid = fork(); if (pid >= 0) { if (pid == 0) { + int open_max = sysconf (_SC_OPEN_MAX), i; + for (i = 0; i < open_max; i++) + if (i != STDIN_FILENO && + i != STDOUT_FILENO && + i != STDERR_FILENO && + i != fd) + close(i); + parg = args; *parg++ = (char *)setup_script; *parg++ = ifname; --ReaqsoxgOBHFXBhH--