aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-security/selinux/libselinux/libselinux-make-SOCK_CLOEXEC-optional.patch
blob: febced778c298164b7b3f0dbc7e4faae3f27d7fc (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
From e630805d15a3b8d09330353f87a7e4a9fcc9998a Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe.macdonald@windriver.com>
Date: Tue, 15 Oct 2013 10:07:43 -0400
Subject: [PATCH] libselinux: make SOCK_CLOEXEC optional

libselinux/src/setrans_client.c checks for the existence of SOCK_CLOEXEC
before using it, however libselinux/src/avc_internal.c does not.  Since
SOCK_CLOEXEC suffers the same problem as O_CLOEXEC on some older
platforms, we need to ensure we protect the references it it in the same
way.

Uptream-Status: Inappropriate

Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>

---
 src/avc_internal.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/avc_internal.c b/src/avc_internal.c
index 49cecc9..148cc83 100644
--- a/src/avc_internal.c
+++ b/src/avc_internal.c
@@ -60,7 +60,13 @@ int avc_netlink_open(int blocking)
 	int len, rc = 0;
 	struct sockaddr_nl addr;
 
-	fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_SELINUX);
+	fd = socket(PF_NETLINK, SOCK_RAW
+#ifdef SOCK_CLOEXEC
+               | SOCK_CLOEXEC
+#else
+#warning SOCK_CLOEXEC undefined on this platform, this may leak file descriptors
+#endif
+               , NETLINK_SELINUX);
 	if (fd < 0) {
 		rc = fd;
 		goto out;