Mark some files FD_CLOEXEC to protect sendmail from them.

From: Doug Ledford <dledford@redhat.com>

When running with SELinux enabled and using mdadm to monitor devices,
attempts to send emails to an admin will be blocked because mdadm is
holding open /proc/mdstat without setting the FD_CLOEXEC flag.  As a
result, sendmail has an open descriptor to /proc/mdstat after the
popen() call, which SELinux decides isn't really any of sendmail's
business and so sendmail gets denied.
Doug Ledford 2007-07-09 09:59:54 +10:00 committed by Neil Brown
parent 32e5a4ee4c
commit e4dc510628
2 changed files with 6 additions and 1 deletions
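The inheritance the commit message describes, shown as an added example (not mdadm code): a descriptor is opened once without FD_CLOEXEC and once with the fcntl() call the patch adds, and a popen()ed shell is asked whether it can still see each one. The path /dev/null (standing in for /proc/mdstat), the function names, and the use of a shell redirection as the probe are assumptions made for this demo.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Added example, not mdadm code. Probe whether the shell that popen()
 * forks still has `fd` open: the shell redirects stdin from fd N for the
 * no-op builtin ':', which fails with a non-zero exit status only when
 * fd N is not open in the child. Returns 1 (inherited), 0 (closed), -1 (error). */
static int child_inherits_fd(int fd)
{
    char cmd[64];
    snprintf(cmd, sizeof cmd, "{ : <&%d; } 2>/dev/null", fd);
    FILE *p = popen(cmd, "r");
    if (p == NULL)
        return -1;
    int status = pclose(p);
    if (status == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status) == 0;
}

/* Open `path` read-only; when cloexec is non-zero, mark it FD_CLOEXEC
 * right after open(), as the patch does. Unlike the patch, the fcntl()
 * result is checked. Returns the descriptor or -1. */
static int open_for_monitor(const char *path, int cloexec)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    if (cloexec && fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Compare the leaking open with the FD_CLOEXEC one on `path`.
 * Returns 0 when the child inherits the first but not the second,
 * 1 if the behaviour differs from that, -1 on a setup error. */
int demo_cloexec(const char *path)
{
    int leaky = open_for_monitor(path, 0);
    int safe = open_for_monitor(path, 1);
    if (leaky < 0 || safe < 0) {
        if (leaky >= 0)
            close(leaky);
        if (safe >= 0)
            close(safe);
        return -1;
    }
    int seen_leaky = child_inherits_fd(leaky);
    int seen_safe = child_inherits_fd(safe);
    close(leaky);
    close(safe);
    if (seen_leaky < 0 || seen_safe < 0)
        return -1;
    printf("fd %d without FD_CLOEXEC: child %s it\n",
           leaky, seen_leaky ? "inherits" : "does not see");
    printf("fd %d with FD_CLOEXEC:    child %s it\n",
           safe, seen_safe ? "inherits" : "does not see");
    return (seen_leaky == 1 && seen_safe == 0) ? 0 : 1;
}

int main(void)
{
    /* /dev/null stands in for /proc/mdstat (assumption for the demo). */
    return demo_cloexec("/dev/null") == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

The probe deliberately avoids /proc/self/fd so it also works on non-Linux POSIX systems; the SELinux denial in the commit message is simply what happens when the inherited descriptor belongs to a file the child's domain is not allowed to hold.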

@ -234,6 +234,7 @@ int Monitor(mddev_dev_t devlist,
*/ st->err=1;
continue;
}
fcntl(fd, F_SETFD, FD_CLOEXEC);
if (ioctl(fd, GET_ARRAY_INFO, &array)<0) {
if (!st->err)
alert("DeviceDisappeared", dev, NULL,
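Review bot: the return value of `fcntl(fd, F_SETFD, FD_CLOEXEC);` is discarded, so if the call fails the descriptor silently keeps the leaking behaviour this patch exists to stop; at least test for `< 0` and report it. The flag is also applied a separate call after open(), which leaves a small window between the two; that is harmless in a single-threaded Monitor loop, but on systems that support it `open(dev, O_RDONLY|O_CLOEXEC)` sets the flag atomically and removes the need for the follow-up fcntl().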

@ -114,6 +114,8 @@ struct mdstat_ent *mdstat_read(int hold, int start)
f = fopen("/proc/mdstat", "r");
if (f == NULL)
return NULL;
else
fcntl(fileno(f), F_SETFD, FD_CLOEXEC);
all = NULL;
end = &all;
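Review bot: the `else` in front of `fcntl(fileno(f), F_SETFD, FD_CLOEXEC);` is redundant, since the `if (f == NULL)` branch already returns; drop the `else` and call fcntl() unconditionally after the NULL check. As in the Monitor hunk, the fcntl() result is not checked.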
@ -221,8 +223,10 @@ struct mdstat_ent *mdstat_read(int hold, int start)
end = &ent->next;
}
}
if (hold && mdstat_fd == -1)
if (hold && mdstat_fd == -1) {
mdstat_fd = dup(fileno(f));
fcntl(mdstat_fd, F_SETFD, FD_CLOEXEC);
}
fclose(f);
/* If we might want to start array,
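Review bot: setting FD_CLOEXEC again on `mdstat_fd` after `dup(fileno(f))` is necessary, because FD_CLOEXEC is a per-descriptor flag that dup() does not carry over, but the dup() itself is unchecked: on failure mdstat_fd stays -1 and `fcntl(mdstat_fd, F_SETFD, FD_CLOEXEC);` is called on -1, which only yields EBADF. Guard it, e.g. `if (mdstat_fd >= 0) fcntl(mdstat_fd, F_SETFD, FD_CLOEXEC);`, or report the failed dup().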