From 1680cbeb40e76dd975bc8ace756e74771901d607 Mon Sep 17 00:00:00 2001
From: David Sommerseth <davids@redhat.com>
Date: Tue, 12 Apr 2011 13:57:34 +0200
Subject: Force O_CLOEXEC on the NETLINK socket

To avoid that the NETLINK socket is available to forked children,
set the FD_CLOEXEC flag on the NETLINK socket.  This also avoids
SELinux from complaining on Fedora 14.

For more information:
https://bugzilla.redhat.com/show_bug.cgi?id=689843

Signed-off-by: David Sommerseth <davids@redhat.com>
---
 python-ethtool/etherinfo.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/python-ethtool/etherinfo.c b/python-ethtool/etherinfo.c
index 42973ad..2cebdfb 100644
--- a/python-ethtool/etherinfo.c
+++ b/python-ethtool/etherinfo.c
@@ -21,6 +21,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <fcntl.h>
 #include <stdlib.h>
 #include <asm/types.h>
 #include <sys/socket.h>
@@ -382,6 +383,13 @@ int open_netlink(struct etherinfo_obj_data *data)
 	*data->nlc = nl_handle_alloc();
 	nl_connect(*data->nlc, NETLINK_ROUTE);
 	if( (*data->nlc != NULL) ) {
+		/* Force O_CLOEXEC flag on the NETLINK socket */
+		if( fcntl(nl_socket_get_fd(*data->nlc), F_SETFD, FD_CLOEXEC) == -1 ) {
+			fprintf(stderr,
+				"**WARNING** Failed to set O_CLOEXEC on NETLINK socket: %s\n",
+				strerror(errno));
+		}
+
 		/* Tag this object as an active user */
 		pthread_mutex_lock(&nlc_counter_mtx);
 		(*data->nlc_users)++;
-- 
cgit