[ypserv/f16] Use O_CLOEXEC when opening pid file to avoid SELinux issues Resolves: #809120

Honza Horak hhorak at fedoraproject.org
Mon Apr 16 11:01:01 UTC 2012 

commit 44759b5a05012d69f97435b8d79e51a7044b01de
Author: Honza HorĂ¡k <hhorak at redhat.com>
Date:   Mon Apr 16 12:25:15 2012 +0200

    Use O_CLOEXEC when opening pid file to avoid SELinux issues
    Resolves: #809120

 ypserv-2.27-cloexec.patch |   12 ++++++++++++
 ypserv.spec               |    8 +++++++-
 2 files changed, 19 insertions(+), 1 deletions(-)
---
diff --git a/ypserv-2.27-cloexec.patch b/ypserv-2.27-cloexec.patch
new file mode 100644
index 0000000..874f895
--- /dev/null
+++ b/ypserv-2.27-cloexec.patch
@@ -0,0 +1,12 @@
+diff -up ypserv-2.26/lib/pidfile.c.cloexec ypserv-2.26/lib/pidfile.c
+--- ypserv-2.26/lib/pidfile.c.cloexec	2011-04-15 16:49:41.000000000 +0200
++++ ypserv-2.26/lib/pidfile.c	2012-04-13 20:49:55.643903727 +0200
+@@ -33,7 +33,7 @@ create_pidfile (const char *filename, co
+   char pbuf[50], *ptr;
+   struct flock lock;
+ 
+-  fd = open (filename, O_CREAT | O_RDWR,
++  fd = open (filename, O_CREAT | O_RDWR | O_CLOEXEC,
+ 	     S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
+   if (fd < 0)
+     {
diff --git a/ypserv.spec b/ypserv.spec
index b9ee0da..348afd6 100644
--- a/ypserv.spec
+++ b/ypserv.spec
@@ -2,7 +2,7 @@ Summary: The NIS (Network Information Service) server
 Url: http://www.linux-nis.org/nis/ypserv/index.html
 Name: ypserv
 Version: 2.26
-Release: 9%{?dist}
+Release: 10%{?dist}
 License: GPLv2
 Group: System Environment/Daemons
 Source0: ftp://ftp.kernel.org/pub/linux/utils/net/NIS/ypserv-%{version}.tar.bz2
@@ -34,6 +34,7 @@ Patch12: ypserv-2.26-shadow.patch
 Patch13: ypserv-2.26-errmsg.patch
 Patch14: ypserv-2.26-emptydomain.patch
 Patch15: ypserv-2.26-retval.patch
+Patch16: ypserv-2.27-cloexec.patch
 BuildRequires: gdbm-devel
 BuildRequires: systemd-units
 BuildRequires: autoconf, automake
@@ -75,6 +76,7 @@ machines.
 %patch13 -p1 -b .errmsg
 %patch14 -p1 -b .emptydomain
 %patch15 -p1 -b .retval
+%patch16 -p1 -b .cloexec
 
 autoreconf
 
@@ -179,6 +181,10 @@ exit 0
 %{_includedir}/*/*
 
 %changelog
+* Fri Apr 13 2012 Honza Horak <hhorak at redhat.com> - 2.26-10
+- Use O_CLOEXEC when opening pid file to avoid SELinux issues
+  Resolves: #809120
+
 * Thu Jan 12 2012 Honza Horak <hhorak at redhat.com> - 2.26-9
 - Added ypserv-pre-setdomain to respect NISDOMAIN environment variable 
   and set domainname if empty

More information about the scm-commits mailing list