Add optimization_to_close_fds.patch

Resolves: RHEL-2609
2023-11-30 14:39:55 +01:00 · 2023-11-30 14:39:55 +01:00 · 23f8cd5012
commit 23f8cd5012
parent b17e11f8f3
2 changed files with 49 additions and 1 deletions
--- a/cronie.spec
+++ b/cronie.spec
@ -6,7 +6,7 @@
 Summary:   Cron daemon for executing programs at set times
 Name:      cronie
 Version:   1.5.2
-Release:   8%{?dist}
+Release:   9%{?dist}
 License:   MIT and BSD and ISC and GPLv2+
 Group:     System Environment/Base
 URL:       https://github.com/cronie-crond/cronie
@ -53,6 +53,9 @@ Patch6:     0001-Add-random-within-range-operator.patch
 Patch7:     0002-get_number-Add-missing-NUL-termination-for-the-scann.patch
 Patch8:     0003-Fix-regression-in-handling-x-crontab-entries.patch
 Patch9:     0004-Fix-regression-in-handling-1-5-crontab-entries.patch
+# Optimization to close fds from /proc/self/fd in case of high nofile limit after fork
+# https://github.com/cronie-crond/cronie/commit/e3682c7135b9176b60d226c60ee4e78cf1ab711b
+Patch10:     optimization_to_close_fds.patch

 %description
 Cronie contains the standard UNIX daemon crond that runs specified programs at
@ -105,6 +108,7 @@ extra features.
 %patch7 -p1
 %patch8 -p1
 %patch9 -p1
+%patch10 -p1

 %build
 %configure \
@ -233,6 +237,10 @@ exit 0
 %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/cron.d/dailyjobs

 %changelog
+* Thu Nov 30 2023 Ondřej Pohořelský <opohorel@redhat.com> - 1.5.2-9
+- Add `optimization_to_close_fds.patch`
+- Resolves: RHEL-2609
+
 * Mon Jul 11 2022 Jan Staněk <jstanek@redhat.com> - 1.5.2-8
 - Set 'missingok' for /etc/cron.deny to not recreate it on update

--- a/optimization_to_close_fds.patch
+++ b/optimization_to_close_fds.patch
@ -0,0 +1,40 @@
+--- ./src/do_command.c	2023-09-07 09:40:32.016272074 +0200
+++ ./src/do_command.c	2023-09-07 09:43:04.938995232 +0200
+@@ -30,6 +30,7 @@
+ #include <string.h>
+ #include <sys/wait.h>
+ #include <unistd.h>
+#include <dirent.h>
+ 
+ #include "externs.h"
+ #include "funcs.h"
+@@ -239,10 +240,26 @@
+ 		{
+ 			char *shell = env_get("SHELL", jobenv);
+ 			int fd, fdmax = getdtablesize();
+			DIR *dir;
+			struct dirent *dent;
+ 
+-			/* close all unwanted open file descriptors */
+-			for(fd = STDERR + 1; fd < fdmax; fd++) {
+-				close(fd);
+			/*
+			 * if /proc is mounted, we can optimize what fd can be closed,
+			 * but if it isn't available, fall back to the previous behavior.
+			 */
+			if ((dir = opendir("/proc/self/fd")) != NULL) {
+				while ((dent = readdir(dir)) != NULL) {
+					if (!strcmp(dent->d_name, ".") || !strcmp(dent->d_name, ".."))
+						continue;
+					fd = atoi(dent->d_name);
+					if (fd > STDERR_FILENO)
+						close(fd);
+					}
+			} else {
+				/* close all unwanted open file descriptors */
+				for(fd = STDERR + 1; fd < fdmax; fd++) {
+					close(fd);
+				}
+ 			}
+ 
+ #if DEBUGGING