From 56f627caf0f8990faed67dcadbf6d8ef1ddd7e2d Mon Sep 17 00:00:00 2001
From: Daniel Walsh
Date: Fri, 13 Jun 2008 08:14:39 +0100
Subject: [PATCH 03/48] don't leak file descriptor on umount

I think this is a leaked file descriptor from hal. Hal opens the lock file for write and then fails to call fcntl(fd,F_SETFD, FD_CLOSEXEC) When the confined mount program runs, the SELinux kernel notices the open file descriptor, checks the domain to see if it has access, then closes it with the error.
---
 tools/hal-storage-shared.c | 2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/tools/hal-storage-shared.c b/tools/hal-storage-shared.c
index b10be10..422f00e 100644
--- a/tools/hal-storage-shared.c
+++ b/tools/hal-storage-shared.c
@@ -706,6 +706,8 @@ lock_hal_mtab (void)
 if (lock_mtab_fd < 0)
 return FALSE;
 
+ fcntl(lock_mtab_fd, F_SETFD, FD_CLOEXEC);
+
 tryagain:
 #if sun
 if (lockf (lock_mtab_fd, F_LOCK, 0) != 0) {
-- 
1.6.1.2
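Review bot: The added `fcntl(lock_mtab_fd, F_SETFD, FD_CLOEXEC);` ignores its return value, so if the call fails the lock descriptor is still inherited by the confined mount helper and the leak this commit targets returns silently. Checking the result, for example `if (fcntl (lock_mtab_fd, F_SETFD, FD_CLOEXEC) < 0) { close (lock_mtab_fd); return FALSE; }`, keeps the failure visible and matches the `name (` call spacing used by `lockf (` just below. Whether closing is right on that path depends on how `lock_mtab_fd` is used elsewhere in the file, which is not visible here. The `open` that produces the descriptor is also outside the hunk; where the platform provides `O_CLOEXEC`, passing it there would set the flag atomically and remove the window between open and fcntl, which presumably matters only if another thread can fork in between. lock_hal_mtab's body starts and ends outside the hunk.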