Mark some files FD_CLOEXEC to protect sendmail from them.

From: Doug Ledford <dledford@redhat.com> When running with SELinux enabled and using mdadm to monitor devices, attempts to send emails to an admin will be blocked because mdadm is holding open /proc/mdstat without setting the FD_CLOEXEC flag. As a result, sendmail has an open descriptor to /proc/mdstat after the popen() call, which SELinux decides isn't really any of sendmail's business and so sendmail gets denied.
author: Doug Ledford <dledford@redhat.com> 2007-07-09 09:59:54 +1000
committer: Neil Brown <neilb@suse.de> 2007-07-09 09:59:54 +1000
commit: e4dc510628a8c2d7b92c8ed537987716175a23a2 (patch)
tree: 079411e5d3d0226bd440a8d6ddc3b3593a511d71 /Monitor.c
parent: 32e5a4ee4c7a310c67faa7d1301af2ae6d75e884 (diff)
download: mdadm-e4dc510628a8c2d7b92c8ed537987716175a23a2.tar.gz
mdadm-e4dc510628a8c2d7b92c8ed537987716175a23a2.tar.xz
mdadm-e4dc510628a8c2d7b92c8ed537987716175a23a2.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/Monitor.c b/Monitor.c
index 9293637..79a88a7 100644
--- a/Monitor.c
+++ b/Monitor.c
@@ -234,6 +234,7 @@ int Monitor(mddev_dev_t devlist,
 */				st->err=1;
 				continue;
 			}
+			fcntl(fd, F_SETFD, FD_CLOEXEC);
 			if (ioctl(fd, GET_ARRAY_INFO, &array)<0) {
 				if (!st->err)
 					alert("DeviceDisappeared", dev, NULL,
author	Doug Ledford <dledford@redhat.com>	2007-07-09 09:59:54 +1000
committer	Neil Brown <neilb@suse.de>	2007-07-09 09:59:54 +1000
commit	e4dc510628a8c2d7b92c8ed537987716175a23a2 (patch)
tree	079411e5d3d0226bd440a8d6ddc3b3593a511d71 /Monitor.c
parent	32e5a4ee4c7a310c67faa7d1301af2ae6d75e884 (diff)
download	mdadm-e4dc510628a8c2d7b92c8ed537987716175a23a2.tar.gz mdadm-e4dc510628a8c2d7b92c8ed537987716175a23a2.tar.xz mdadm-e4dc510628a8c2d7b92c8ed537987716175a23a2.zip