[acpid: 1/2] - fixes #648221 - SELinux is preventing /sbin/iwconfig access to a leaked /dev/input/event0 file des

Jiri Skala jskala at fedoraproject.org
Wed Nov 3 14:05:26 UTC 2010 

commit 7cbe252d2196221cbaa425fcda6ca99ec0e87c91
Author: Jiri Skala <jskala at localhost.(none)>
Date:   Wed Nov 3 15:02:39 2010 +0100

    - fixes #648221 - SELinux is preventing /sbin/iwconfig access to a leaked /dev/input/event0 file descriptor

 acpid-2.0.5-cloexec.patch |   11 +++++++++++
 acpid.spec                |    7 ++++++-
 2 files changed, 17 insertions(+), 1 deletions(-)
---
diff --git a/acpid-2.0.5-cloexec.patch b/acpid-2.0.5-cloexec.patch
new file mode 100644
index 0000000..d2954b2
--- /dev/null
+++ b/acpid-2.0.5-cloexec.patch
@@ -0,0 +1,11 @@
+diff -up acpid-2.0.5/input_layer.c.cloexec acpid-2.0.5/input_layer.c
+--- acpid-2.0.5/input_layer.c.cloexec	2010-11-03 14:53:16.515625864 +0100
++++ acpid-2.0.5/input_layer.c	2010-11-03 14:53:50.235623005 +0100
+@@ -291,6 +291,7 @@ int open_inputfile(const char *filename)
+ 	struct connection c;
+ 
+ 	fd = open(filename, O_RDONLY | O_NONBLOCK);
++	fcntl(fd, F_SETFD, FD_CLOEXEC);
+ 
+ 	if (fd >= 0) {
+ 		/* if this file doesn't have events we need, indicate failure */
diff --git a/acpid.spec b/acpid.spec
index 9da505a..ebb4b70 100644
--- a/acpid.spec
+++ b/acpid.spec
@@ -1,7 +1,7 @@
 Summary: ACPI Event Daemon
 Name: acpid
 Version: 2.0.5
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: GPLv2+
 Group: System Environment/Daemons
 Source: http://tedfelix.com/linux/acpid-%{version}.tar.gz
@@ -13,6 +13,7 @@ Source5: acpid.service
 
 Patch1: acpid-2.0.2-makefile.patch
 Patch2: acpid-2.0.5-forking.patch
+Patch3: acpid-2.0.5-cloexec.patch
 
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 ExclusiveArch: ia64 x86_64 %{ix86}
@@ -32,6 +33,7 @@ acpid is a daemon that dispatches ACPI events to user-space programs.
 
 %patch1 -p1 -b .makefile
 %patch2 -p1 -b .forking
+%patch3 -p1 -b .cloexec
 
 %build
 make %{?_smp_mflags}
@@ -113,6 +115,9 @@ if [ "$1" -ge "1" ]; then
 fi
 
 %changelog
+* Wed Nov 03 2010 Jiri Skala <jskala at redhat.com> - 2.0.5-4
+- fixes #648221 - SELinux is preventing /sbin/iwconfig access to a leaked /dev/input/event0 file descriptor
+
 * Mon Sep 13 2010 Jiri Skala <jskala at redhat.com> - 2.0.5-3
 - fixes #629740 - acpid doesn't fork, but systemd unit file claims otherwise

More information about the scm-commits mailing list