rpms/autofs
6
0
Fork 0
Code Issues Pull Requests Releases Activity

- Bug 397591 SELinux is preventing /sbin/rpc.statd (rpcd_t) "search" to

Browse Source 
<Unknown> (sysctl_fs_t).
- prevent fork between fd open and setting of FD_CLOEXEC.
This commit is contained in:
Ian Kent 2007-12-18 03:14:11 +00:00
parent 6dfd3f57d1
commit 8a14e5403a
2 changed files with 744 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

737
autofs-5.0.2-fd-close-on-exec-mutex.patch Normal file
View File

@ -0,0 +1,737 @@
diff --git a/daemon/automount.c b/daemon/automount.c
index f31ec11..d14f079 100644
--- a/daemon/automount.c
+++ b/daemon/automount.c
@@ -85,6 +85,7 @@ static int umount_all(struct autofs_point *ap, int force);
extern pthread_mutex_t master_mutex;
extern struct master *master_list;
+extern pthread_mutex_t fd_mutex;
static int do_mkdir(const char *parent, const char *path, mode_t mode)
{
@@ -994,7 +995,7 @@ int do_expire(struct autofs_point *ap, const char *name, int namelen)
static int autofs_init_ap(struct autofs_point *ap)
{
- int pipefd[2], cl_flags;
+ int pipefd[2], cl_flags, status;
if ((ap->state != ST_INIT)) {
/* This can happen if an autofs process is already running*/
@@ -1004,11 +1005,18 @@ static int autofs_init_ap(struct autofs_point *ap)
ap->pipefd = ap->kpipefd = ap->ioctlfd = -1;
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
/* Pipe for kernel communications */
if (pipe(pipefd) < 0) {
crit(ap->logopt,
"failed to create commumication pipe for autofs path %s",
ap->path);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return -1;
}
@@ -1031,6 +1039,9 @@ static int autofs_init_ap(struct autofs_point *ap)
"failed create state pipe for autofs path %s", ap->path);
close(ap->pipefd);
close(ap->kpipefd); /* Close kernel pipe end */
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return -1;
}
@@ -1049,6 +1060,10 @@ static int autofs_init_ap(struct autofs_point *ap)
logmsg("dynamic log level changes not available for %s", ap->path);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
return 0;
}
diff --git a/daemon/direct.c b/daemon/direct.c
index 619efce..6e76deb 100644
--- a/daemon/direct.c
+++ b/daemon/direct.c
@@ -53,6 +53,8 @@ pthread_once_t key_mnt_params_once = PTHREAD_ONCE_INIT;
static pthread_mutex_t ma_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t ea_mutex = PTHREAD_MUTEX_INITIALIZER;
+extern pthread_mutex_t fd_mutex;
+
static void key_mnt_params_destroy(void *arg)
{
struct mnt_params *mp;
@@ -107,7 +109,11 @@ int do_umount_autofs_direct(struct autofs_point *ap, struct mnt_list *mnts, stru
}
ioctlfd = me->ioctlfd;
} else {
- int cl_flags;
+ int cl_flags, status;
+
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
ioctlfd = open(me->key, O_RDONLY);
if (ioctlfd != -1) {
@@ -116,6 +122,10 @@ int do_umount_autofs_direct(struct autofs_point *ap, struct mnt_list *mnts, stru
fcntl(ioctlfd, F_SETFD, cl_flags);
}
}
+
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
}
@@ -309,11 +319,15 @@ int do_mount_autofs_direct(struct autofs_point *ap, struct mnt_list *mnts, struc
if (tree_get_mnt_list(mnts, &list, me->key, 1)) {
if (ap->state == ST_READMAP) {
time_t tout = ap->exp_timeout;
- int save_ioctlfd, ioctlfd;
+ int save_ioctlfd, ioctlfd, status;
save_ioctlfd = ioctlfd = me->ioctlfd;
if (ioctlfd == -1) {
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
ioctlfd = open(me->key, O_RDONLY);
if (ioctlfd != -1) {
cl_flags = fcntl(ioctlfd, F_GETFD, 0);
@@ -322,6 +336,11 @@ int do_mount_autofs_direct(struct autofs_point *ap, struct mnt_list *mnts, struc
fcntl(ioctlfd, F_SETFD, cl_flags);
}
}
+
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
}
if (ioctlfd < 0) {
@@ -402,10 +421,17 @@ int do_mount_autofs_direct(struct autofs_point *ap, struct mnt_list *mnts, struc
goto out_err;
}
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
/* Root directory for ioctl()'s */
ioctlfd = open(me->key, O_RDONLY);
if (ioctlfd < 0) {
crit(ap->logopt, "failed to create ioctl fd for %s", me->key);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
goto out_umount;
}
@@ -414,6 +440,10 @@ int do_mount_autofs_direct(struct autofs_point *ap, struct mnt_list *mnts, struc
fcntl(ioctlfd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
/* Calculate the timeouts */
ap->exp_runfreq = (timeout + CHECK_RATIO - 1) / CHECK_RATIO;
@@ -548,6 +578,8 @@ int umount_autofs_offset(struct autofs_point *ap, struct mapent *me)
}
ioctlfd = me->ioctlfd;
} else {
+ int status;
+
/* offset isn't mounted, return success and try to recover */
if (!is_mounted(_PROC_MOUNTS, me->key, MNTS_AUTOFS)) {
debug(ap->logopt,
@@ -556,6 +588,10 @@ int umount_autofs_offset(struct autofs_point *ap, struct mapent *me)
return 0;
}
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
ioctlfd = open(me->key, O_RDONLY);
if (ioctlfd != -1) {
if ((cl_flags = fcntl(ioctlfd, F_GETFD, 0)) != -1) {
@@ -563,6 +599,10 @@ int umount_autofs_offset(struct autofs_point *ap, struct mapent *me)
fcntl(ioctlfd, F_SETFD, cl_flags);
}
}
+
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
}
if (ioctlfd >= 0) {
@@ -760,10 +800,17 @@ int mount_autofs_offset(struct autofs_point *ap, struct mapent *me)
goto out_err;
}
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
/* Root directory for ioctl()'s */
ioctlfd = open(me->key, O_RDONLY);
if (ioctlfd < 0) {
crit(ap->logopt, "failed to create ioctl fd for %s", me->key);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
goto out_umount;
}
@@ -772,6 +819,10 @@ int mount_autofs_offset(struct autofs_point *ap, struct mapent *me)
fcntl(ioctlfd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
ioctl(ioctlfd, AUTOFS_IOC_SETTIMEOUT, &timeout);
ret = fstat(ioctlfd, &st);
@@ -1470,6 +1521,10 @@ int handle_packet_missing_direct(struct autofs_point *ap, autofs_packet_missing_
return 1;
}
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
if (me->ioctlfd != -1) {
/* Maybe someone did a manual umount, clean up ! */
ioctlfd = me->ioctlfd;
@@ -1479,6 +1534,9 @@ int handle_packet_missing_direct(struct autofs_point *ap, autofs_packet_missing_
if (ioctlfd == -1) {
cache_unlock(mc);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
pthread_setcancelstate(state, NULL);
crit(ap->logopt, "failed to create ioctl fd for %s", me->key);
/* TODO: how do we clear wait q in kernel ?? */
@@ -1490,6 +1548,10 @@ int handle_packet_missing_direct(struct autofs_point *ap, autofs_packet_missing_
fcntl(ioctlfd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
debug(ap->logopt, "token %ld, name %s, request pid %u",
(unsigned long) pkt->wait_queue_token, me->key, pkt->pid);
diff --git a/daemon/indirect.c b/daemon/indirect.c
index f6b93d0..2b81ec5 100644
--- a/daemon/indirect.c
+++ b/daemon/indirect.c
@@ -43,6 +43,8 @@ extern pthread_attr_t thread_attr;
static pthread_mutex_t ma_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t ea_mutex = PTHREAD_MUTEX_INITIALIZER;
+extern pthread_mutex_t fd_mutex;
+
static int unlink_mount_tree(struct autofs_point *ap, struct mnt_list *mnts)
{
struct mnt_list *this;
@@ -93,7 +95,7 @@ static int do_mount_autofs_indirect(struct autofs_point *ap)
const char *type, *map_name = NULL;
struct stat st;
struct mnt_list *mnts;
- int cl_flags, ret;
+ int cl_flags, ret, status;
mnts = get_mnt_list(_PROC_MOUNTS, ap->path, 1);
if (mnts) {
@@ -147,11 +149,18 @@ static int do_mount_autofs_indirect(struct autofs_point *ap)
options = NULL;
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
/* Root directory for ioctl()'s */
ap->ioctlfd = open(ap->path, O_RDONLY);
if (ap->ioctlfd < 0) {
crit(ap->logopt,
"failed to create ioctl fd for autofs path %s", ap->path);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
goto out_umount;
}
@@ -160,6 +169,10 @@ static int do_mount_autofs_indirect(struct autofs_point *ap)
fcntl(ap->ioctlfd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
ap->exp_runfreq = (timeout + CHECK_RATIO - 1) / CHECK_RATIO;
ioctl(ap->ioctlfd, AUTOFS_IOC_SETTIMEOUT, &timeout);
diff --git a/daemon/spawn.c b/daemon/spawn.c
index 78d69c6..d096460 100644
--- a/daemon/spawn.c
+++ b/daemon/spawn.c
@@ -29,6 +29,7 @@
#include "automount.h"
+pthread_mutex_t fd_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t spawn_mutex = PTHREAD_MUTEX_INITIALIZER;
#define SPAWN_OPT_NONE 0x0000
@@ -123,6 +124,10 @@ static int do_spawn(unsigned logopt, unsigned int options, const char *prog, con
egid = tsv->gid;
}
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
f = fork();
if (f == 0) {
reset_signals();
@@ -131,6 +136,10 @@ static int do_spawn(unsigned logopt, unsigned int options, const char *prog, con
dup2(pipefd[1], STDERR_FILENO);
close(pipefd[1]);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
/* Bind mount - check target exists */
if (use_access) {
char **pargv = (char **) argv;
@@ -166,6 +175,10 @@ static int do_spawn(unsigned logopt, unsigned int options, const char *prog, con
} else {
tmpsig = oldsig;
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
sigaddset(&tmpsig, SIGCHLD);
pthread_sigmask(SIG_SETMASK, &tmpsig, NULL);
diff --git a/lib/nss_parse.y b/lib/nss_parse.y
index 90b7d25..7fbc42a 100644
--- a/lib/nss_parse.y
+++ b/lib/nss_parse.y
@@ -31,6 +31,7 @@
#include "nss_parse.tab.h"
static pthread_mutex_t parse_mutex = PTHREAD_MUTEX_INITIALIZER;
+extern pthread_mutex_t fd_mutex;
static struct list_head *nss_list;
static struct nss_source *src;
@@ -163,16 +164,24 @@ static void parse_close_nsswitch(void *arg)
int nsswitch_parse(struct list_head *list)
{
FILE *nsswitch;
- int fd, cl_flags, status;
+ int fd, cl_flags, status, cur_state;
+
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
+ pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cur_state);
nsswitch = fopen(NSSWITCH_FILE, "r");
if (!nsswitch) {
logerr("couldn't open %s\n", NSSWITCH_FILE);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+ pthread_setcancelstate(cur_state, NULL);
return 1;
}
- pthread_cleanup_push(parse_close_nsswitch, nsswitch);
-
fd = fileno(nsswitch);
if ((cl_flags = fcntl(fd, F_GETFD, 0)) != -1) {
@@ -180,9 +189,16 @@ int nsswitch_parse(struct list_head *list)
fcntl(fd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
parse_mutex_lock();
+ pthread_cleanup_push(parse_close_nsswitch, nsswitch);
pthread_cleanup_push(parse_mutex_unlock, NULL);
+ pthread_setcancelstate(cur_state, NULL);
+
nss_in = nsswitch;
nss_automount_found = 0;
diff --git a/lib/rpc_subs.c b/lib/rpc_subs.c
index 5797639..5cf7fc3 100644
--- a/lib/rpc_subs.c
+++ b/lib/rpc_subs.c
@@ -54,6 +54,8 @@
inline void dump_core(void);
+extern pthread_mutex_t fd_mutex;
+
/*
* Create a UDP RPC client
*/
@@ -105,20 +107,31 @@ got_addr:
raddr.sin_port = htons(info->port);
if (!info->client) {
+ int status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
/*
* bind to any unused port. If we left this up to the rpc
* layer, it would bind to a reserved port, which has been shown
* to exhaust the reserved port range in some situations.
*/
fd = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP);
- if (fd < 0)
+ if (fd < 0) {
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return NULL;
+ }
if ((cl_flags = fcntl(fd, F_GETFD, 0)) != -1) {
cl_flags |= FD_CLOEXEC;
fcntl(fd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
laddr.sin_family = AF_INET;
laddr.sin_port = 0;
laddr.sin_addr.s_addr = htonl(INADDR_ANY);
@@ -314,15 +327,27 @@ got_addr:
addr.sin_port = htons(info->port);
if (!info->client) {
+ int status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
fd = socket(PF_INET, SOCK_STREAM, info->proto->p_proto);
- if (fd < 0)
+ if (fd < 0) {
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return NULL;
+ }
if ((cl_flags = fcntl(fd, F_GETFD, 0)) != -1) {
cl_flags |= FD_CLOEXEC;
fcntl(fd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
ret = connect_nb(fd, &addr, &info->timeout);
if (ret < 0)
goto out_close;
diff --git a/modules/lookup_file.c b/modules/lookup_file.c
index a77068a..4bdd57e 100644
--- a/modules/lookup_file.c
+++ b/modules/lookup_file.c
@@ -36,6 +36,8 @@
#define MAX_INCLUDE_DEPTH 16
+extern pthread_mutex_t fd_mutex;
+
typedef enum {
st_begin, st_compare, st_star, st_badent, st_entspc, st_getent
} LOOKUP_STATE;
@@ -395,7 +397,7 @@ int lookup_read_master(struct master *master, time_t age, void *context)
char *ent;
struct stat st;
FILE *f;
- int fd, cl_flags;
+ int fd, cl_flags, status;
unsigned int path_len, ent_len;
int entry, cur_state;
@@ -422,11 +424,18 @@ int lookup_read_master(struct master *master, time_t age, void *context)
return NSS_STATUS_UNAVAIL;
}
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
f = fopen(ctxt->mapname, "r");
if (!f) {
error(logopt,
MODPREFIX "could not open master map file %s",
ctxt->mapname);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return NSS_STATUS_UNAVAIL;
}
@@ -437,6 +446,10 @@ int lookup_read_master(struct master *master, time_t age, void *context)
fcntl(fd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
while(1) {
entry = read_one(logopt, f, path, &path_len, ent, &ent_len);
if (!entry) {
@@ -640,7 +653,7 @@ int lookup_read_map(struct autofs_point *ap, time_t age, void *context)
char *mapent;
struct stat st;
FILE *f;
- int fd, cl_flags;
+ int fd, cl_flags, status;
unsigned int k_len, m_len;
int entry;
@@ -673,10 +686,17 @@ int lookup_read_map(struct autofs_point *ap, time_t age, void *context)
return NSS_STATUS_UNAVAIL;
}
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
f = fopen(ctxt->mapname, "r");
if (!f) {
error(ap->logopt,
MODPREFIX "could not open map file %s", ctxt->mapname);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return NSS_STATUS_UNAVAIL;
}
@@ -687,6 +707,10 @@ int lookup_read_map(struct autofs_point *ap, time_t age, void *context)
fcntl(fd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
while(1) {
entry = read_one(ap->logopt, f, key, &k_len, mapent, &m_len);
if (!entry) {
@@ -773,7 +797,7 @@ static int lookup_one(struct autofs_point *ap,
char mapent[MAPENT_MAX_LEN + 1];
time_t age = time(NULL);
FILE *f;
- int fd, cl_flags;
+ int fd, cl_flags, status;
unsigned int k_len, m_len;
int entry, ret;
@@ -783,10 +807,17 @@ static int lookup_one(struct autofs_point *ap,
mc = source->mc;
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
f = fopen(ctxt->mapname, "r");
if (!f) {
error(ap->logopt,
MODPREFIX "could not open map file %s", ctxt->mapname);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return CHE_FAIL;
}
@@ -797,6 +828,10 @@ static int lookup_one(struct autofs_point *ap,
fcntl(fd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
while(1) {
entry = read_one(ap->logopt, f, mkey, &k_len, mapent, &m_len);
if (entry) {
@@ -886,7 +921,7 @@ static int lookup_wild(struct autofs_point *ap, struct lookup_context *ctxt)
char mapent[MAPENT_MAX_LEN + 1];
time_t age = time(NULL);
FILE *f;
- int fd, cl_flags;
+ int fd, cl_flags, status;
unsigned int k_len, m_len;
int entry, ret;
@@ -896,10 +931,17 @@ static int lookup_wild(struct autofs_point *ap, struct lookup_context *ctxt)
mc = source->mc;
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
f = fopen(ctxt->mapname, "r");
if (!f) {
error(ap->logopt,
MODPREFIX "could not open map file %s", ctxt->mapname);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return CHE_FAIL;
}
@@ -910,6 +952,10 @@ static int lookup_wild(struct autofs_point *ap, struct lookup_context *ctxt)
fcntl(fd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
while(1) {
entry = read_one(ap->logopt, f, mkey, &k_len, mapent, &m_len);
if (entry) {
diff --git a/modules/mount_changer.c b/modules/mount_changer.c
index 08d9147..3bec011 100644
--- a/modules/mount_changer.c
+++ b/modules/mount_changer.c
@@ -34,6 +34,8 @@
#define MODPREFIX "mount(changer): "
+extern pthread_mutex_t fd_mutex;
+
int mount_version = AUTOFS_MOUNT_VERSION; /* Required by protocol */
int swapCD(const char *device, const char *slotName);
@@ -158,11 +160,18 @@ int swapCD(const char *device, const char *slotName)
slot = atoi(slotName) - 1;
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
/* open device */
fd = open(device, O_RDONLY | O_NONBLOCK);
if (fd < 0) {
logerr(MODPREFIX "Opening device %s failed : %s",
device, strerror(errno));
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return 1;
}
@@ -171,6 +180,10 @@ int swapCD(const char *device, const char *slotName)
fcntl(fd, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
/* Check CD player status */
total_slots_available = ioctl(fd, CDROM_CHANGER_NSLOTS);
if (total_slots_available <= 1) {
diff --git a/modules/replicated.c b/modules/replicated.c
index 90b2925..21cb9da 100644
--- a/modules/replicated.c
+++ b/modules/replicated.c
@@ -74,6 +74,8 @@
#define max(x, y) (x >= y ? x : y)
#define mmax(x, y, z) (max(x, y) == x ? max(x, z) : max(y, z))
+extern pthread_mutex_t fd_mutex;
+
void seed_random(void)
{
int fd;
@@ -102,7 +104,7 @@ static unsigned int get_proximity(const char *host_addr, int addr_len)
char tmp[20], buf[MAX_ERR_BUF], *ptr;
struct ifconf ifc;
struct ifreq *ifr, nmptr;
- int sock, cl_flags, ret, i;
+ int sock, cl_flags, ret, i, status;
uint32_t mask, ha, ia;
memcpy(tmp, host_addr, addr_len);
@@ -110,10 +112,17 @@ static unsigned int get_proximity(const char *host_addr, int addr_len)
ha = ntohl((uint32_t) hst_addr->s_addr);
+ status = pthread_mutex_lock(&fd_mutex);
+ if (status)
+ fatal(status);
+
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
char *estr = strerror_r(errno, buf, MAX_ERR_BUF);
logerr("socket creation failed: %s", estr);
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
return PROXIMITY_ERROR;
}
@@ -122,6 +131,10 @@ static unsigned int get_proximity(const char *host_addr, int addr_len)
fcntl(sock, F_SETFD, cl_flags);
}
+ status = pthread_mutex_unlock(&fd_mutex);
+ if (status)
+ fatal(status);
+
ifc.ifc_len = sizeof(buf);
ifc.ifc_req = (struct ifreq *) buf;
ret = ioctl(sock, SIOCGIFCONF, &ifc);

8
autofs.spec
View File

@ -4,7 +4,7 @@
Summary: A tool for automatically mounting and unmounting filesystems
Name: autofs
Version: 5.0.2
Release: 21
Release: 23
Epoch: 1
License: GPL
Group: System Environment/Daemons
@ -56,6 +56,7 @@ Patch42: autofs-5.0.2-report-failed-lookups.patch
Patch43: autofs-5.0.2-dynamic-logging-non-sasl.patch
Patch44: autofs-5.0.2-singleton-host-list.patch
Patch45: autofs-5.0.2-hosts-nosuid-default.patch
Patch46: autofs-5.0.2-fd-close-on-exec-mutex.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, hesiod-devel, openldap-devel, bison, flex, libxml2-devel, cyrus-sasl-devel, openssl-devel module-init-tools util-linux nfs-utils e2fsprogs
Conflicts: kernel < 2.6.17
@ -143,6 +144,7 @@ echo %{version}-%{release} > .version
%patch43 -p1
%patch44 -p1
%patch45 -p1
%patch46 -p1
%build
#CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=/usr --libdir=%{_libdir}
@ -195,6 +197,10 @@ fi
%{_libdir}/autofs/
%changelog
* Tue Dec 18 2007 Ian Kent <ikent@redhat.com> - 5.0.2-23
- Bug 397591 SELinux is preventing /sbin/rpc.statd (rpcd_t) "search" to <Unknown> (sysctl_fs_t).
- prevent fork between fd open and setting of FD_CLOEXEC.
* Thu Dec 13 2007 Ian Kent <ikent@redhat.com> - 5.0.2-21
- Bug 421371: CVE-2007-5964 autofs defaults don't restrict suid in /net [rawhide]
- use mount option "nosuid" for "-hosts" map unless "suid" is explicily specified.