From f669e74cea26bf6a6021a06f284ff9b75ff5d03e Mon Sep 17 00:00:00 2001 From: David Cantrell Date: Fri, 1 Aug 2008 22:16:38 +0000 Subject: [PATCH] - Carry over RES_OPTIONS from ifcfg-ethX files to /etc/resolv.conf (#202923) - Clean up Requires tags for devel packages - Allow SEARCH variable in ifcfg files to override search path (#454152) - Do not down interface if there is an active lease (#453982) - Clean up how dhclient-script restarts ypbind - Set close-on-exec on dhclient.leases for SELinux (#446632) --- dhcp-4.0.0-FD_CLOEXEC.patch | 133 +++++++++ dhcp-4.0.0-O_CLOEXEC.patch | 508 -------------------------------- dhcp-4.0.0-inherit-leases.patch | 39 ++- dhcp-4.0.0-selinux.patch | 48 --- dhcp.spec | 13 +- 5 files changed, 165 insertions(+), 576 deletions(-) create mode 100644 dhcp-4.0.0-FD_CLOEXEC.patch delete mode 100644 dhcp-4.0.0-O_CLOEXEC.patch delete mode 100644 dhcp-4.0.0-selinux.patch diff --git a/dhcp-4.0.0-FD_CLOEXEC.patch b/dhcp-4.0.0-FD_CLOEXEC.patch new file mode 100644 index 0000000..9ad9190 --- /dev/null +++ b/dhcp-4.0.0-FD_CLOEXEC.patch 
@@ -0,0 +1,133 @@ +diff -up dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC dhcp-4.0.0/client/dhclient.c +--- dhcp-4.0.0/client/dhclient.c.FD_CLOEXEC 2008-08-01 11:02:35.000000000 -1000 ++++ dhcp-4.0.0/client/dhclient.c 2008-08-01 11:14:01.000000000 -1000 +@@ -2696,6 +2696,7 @@ int leases_written = 0; + + void rewrite_client_leases () + { ++ int fd, flags; + struct interface_info *ip; + struct client_state *client; + struct client_lease *lp; +@@ -2708,6 +2709,23 @@ void rewrite_client_leases () + return; + } + ++ if ((fd = fileno(leaseFile)) == -1) { ++ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno)); ++ return; ++ } ++ ++ if ((flags = fcntl(fd, F_GETFD)) == -1) { ++ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno)); ++ return; ++ } ++ ++ flags |= FD_CLOEXEC; ++ ++ if (fcntl(fd, F_SETFD, flags) == -1) { ++ log_error ("failed to set close-on-exec for %s", path_dhclient_db); ++ return; ++ } ++ + /* If there is a default duid, write it out. 
*/ + if (default_duid.len != 0) + write_duid(&default_duid); +@@ -2800,7 +2818,7 @@ static isc_result_t + write_duid(struct data_string *duid) + { + char *str; +- int stat; ++ int stat, flags, fd; + + if ((duid == NULL) || (duid->len <= 2)) + return ISC_R_INVALIDARG; +@@ -2811,6 +2829,23 @@ write_duid(struct data_string *duid) + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; + } ++ ++ if ((fd = fileno(leaseFile)) == -1) { ++ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno)); ++ return ISC_R_IOERROR; ++ } ++ ++ if ((flags = fcntl(fd, F_GETFD)) == -1) { ++ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno)); ++ return ISC_R_IOERROR; ++ } ++ ++ flags |= FD_CLOEXEC; ++ ++ if (fcntl(fd, F_SETFD, flags) == -1) { ++ log_error ("failed to set close-on-exec for %s", path_dhclient_db); ++ return ISC_R_IOERROR; ++ } + } + + /* It would make more sense to write this as a hex string, +@@ -2840,7 +2875,7 @@ write_client6_lease(struct client_state + { + struct dhc6_ia *ia; + struct dhc6_addr *addr; +- int stat; ++ int stat, flags, fd; + + /* This should include the current lease. 
*/ + if (!rewrite && (leases_written++ > 20)) { +@@ -2858,6 +2893,23 @@ write_client6_lease(struct client_state + log_error("can't create %s: %m", path_dhclient_db); + return ISC_R_IOERROR; + } ++ ++ if ((fd = fileno(leaseFile)) == -1) { ++ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno)); ++ return ISC_R_IOERROR; ++ } ++ ++ if ((flags = fcntl(fd, F_GETFD)) == -1) { ++ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno)); ++ return ISC_R_IOERROR; ++ } ++ ++ flags |= FD_CLOEXEC; ++ ++ if (fcntl(fd, F_SETFD, flags) == -1) { ++ log_error ("failed to set close-on-exec for %s", path_dhclient_db); ++ return ISC_R_IOERROR; ++ } + } + + stat = fprintf(leaseFile, "lease6 {\n"); +@@ -2940,6 +2992,7 @@ int write_client_lease (client, lease, r + { + struct data_string ds; + int errors = 0; ++ int flags, fd; + char *s; + const char *tval; + +@@ -2961,6 +3014,23 @@ int write_client_lease (client, lease, r + log_error ("can't create %s: %m", path_dhclient_db); + return 0; + } ++ ++ if ((fd = fileno(leaseFile)) == -1) { ++ log_error ("could not determine fd for %s: %s", path_dhclient_db, strerror(errno)); ++ return ISC_R_IOERROR; ++ } ++ ++ if ((flags = fcntl(fd, F_GETFD)) == -1) { ++ log_error ("failed to get flags for %s: %s", path_dhclient_db, strerror(errno)); ++ return ISC_R_IOERROR; ++ } ++ ++ flags |= FD_CLOEXEC; ++ ++ if (fcntl(fd, F_SETFD, flags) == -1) { ++ log_error ("failed to set close-on-exec for %s", path_dhclient_db); ++ return ISC_R_IOERROR; ++ } + } + + errno = 0; diff --git a/dhcp-4.0.0-O_CLOEXEC.patch b/dhcp-4.0.0-O_CLOEXEC.patch deleted file mode 100644 index e4006eb..0000000 --- a/dhcp-4.0.0-O_CLOEXEC.patch +++ /dev/null 
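Review bot: In the write_client_lease part of this new patch, the three added failure paths use `return ISC_R_IOERROR;`, but the function is declared `int` and its fopen failure path just above does `return 0;`, so a failed fileno() or fcntl() would hand the caller a non-zero value that presumably reads as success. Those three returns should be `return 0;`, whereas write_duid and write_client6_lease already return ISC_R_IOERROR on their fopen failure, so the value fits there. On all four added failure paths leaseFile stays open and non-NULL, so a later call appears to skip the open block (the `if (leaseFile == NULL)` guard is visible only in the removed O_CLOEXEC patch's context) and write through a descriptor that still lacks FD_CLOEXEC. Calling `fclose(leaseFile); leaseFile = NULL;` before returning would stop the failure from being silently bypassed. The same fileno/F_GETFD/F_SETFD sequence is pasted four times and its F_SETFD message omits `strerror(errno)`, so one static helper taking the `FILE *` would keep the copies from drifting.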
@@ -1,508 +0,0 @@ -diff -up dhcp-4.0.0//client/clparse.c.cloexec dhcp-4.0.0//client/clparse.c ---- dhcp-4.0.0//client/clparse.c.cloexec 2008-07-01 15:36:54.000000000 -1000 -+++ dhcp-4.0.0//client/clparse.c 2008-07-01 17:02:38.000000000 -1000 -@@ -221,7 +221,7 @@ int read_client_conf_file (const char *n - int token; - isc_result_t status; - -- if ((file = open (name, O_RDONLY)) < 0) -+ if ((file = open (name, O_RDONLY | O_CLOEXEC)) < 0) - return uerr2isc (errno); - - cfile = (struct parse *)0; -@@ -258,7 +258,7 @@ void read_client_leases () - - /* Open the lease file. If we can't open it, just return - - we can safely trust the server to remember our state. */ -- if ((file = open (path_dhclient_db, O_RDONLY)) < 0) -+ if ((file = open (path_dhclient_db, O_RDONLY | O_CLOEXEC)) < 0) - return; - cfile = (struct parse *)0; - /* new_parse() may fail if the file is of zero length. */ -diff -up dhcp-4.0.0//client/dhclient.c.cloexec dhcp-4.0.0//client/dhclient.c ---- dhcp-4.0.0//client/dhclient.c.cloexec 2008-07-01 15:36:54.000000000 -1000 -+++ dhcp-4.0.0//client/dhclient.c 2008-07-01 17:22:06.000000000 -1000 -@@ -162,11 +162,11 @@ int main(int argc, char **argv, char **e - /* Make sure that file descriptors 0 (stdin), 1, (stdout), and - 2 (stderr) are open. To do this, we assume that when we - open a file the lowest available file descriptor is used. */ -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 0) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 1) -- fd = open("/dev/null", O_RDWR); -+ fd = open("/dev/null", O_RDWR | O_CLOEXEC); - if (fd == 2) - log_perror = 0; /* No sense logging to /dev/null. 
*/ - else if (fd != -1) -@@ -442,6 +442,19 @@ int main(int argc, char **argv, char **e - - oldpid = 0; - if ((pidfd = fopen(path_dhclient_pid, "r")) != NULL) { -+ int fn = fileno(pidfd); -+ int flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } -+ } -+ - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -484,6 +497,19 @@ int main(int argc, char **argv, char **e - sprintf(new_path_dhclient_pid + pfx, "-%s.pid", ip->name); - - if ((pidfd = fopen(new_path_dhclient_pid, "r")) != NULL) { -+ int fn = fileno(pidfd); -+ int flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } -+ } -+ - e = fscanf(pidfd, "%ld\n", &temp); - oldpid = (pid_t)temp; - -@@ -509,6 +535,19 @@ int main(int argc, char **argv, char **e - char procfn[256] = ""; - - if ((pidfp = fopen(path_dhclient_pid, "r")) != NULL) { -+ int fn = fileno(pidfd); -+ int flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } -+ } -+ - if ((fscanf(pidfp, "%ld", &temp)==1) && ((dhcpid=(pid_t)temp) > 0)) { - snprintf(procfn,256,"/proc/%u",dhcpid); - dhc_running = (access(procfn, F_OK) == 0); -@@ -2896,6 +2935,7 @@ int leases_written = 0; - - void rewrite_client_leases () - { -+ int fn, flags; - struct interface_info *ip; - struct client_state *client; - struct client_lease *lp; -@@ -2908,9 +2948,17 @@ void rewrite_client_leases () - return; - } - -- if 
(fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { -- log_error ("failed to set close-on-exec for %s", path_dhclient_db); -- return; -+ fn = fileno(leaseFile); -+ flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } - } - - /* If there is a default duid, write it out. */ -@@ -3005,20 +3053,30 @@ static isc_result_t - write_duid(struct data_string *duid) - { - char *str; -- int stat; -+ int stat, fn, flags; - - if ((duid == NULL) || (duid->len <= 2)) - return ISC_R_INVALIDARG; - - if (leaseFile == NULL) { /* XXX? */ - leaseFile = fopen(path_dhclient_db, "w"); -+ - if (leaseFile == NULL) { - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; - } -- if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { -- log_error ("failed to set close-on-exec for %s", path_dhclient_db); -- return ISC_R_IOERROR; -+ -+ fn = fileno(leaseFile); -+ flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } - } - } - -@@ -3049,7 +3107,7 @@ write_client6_lease(struct client_state - { - struct dhc6_ia *ia; - struct dhc6_addr *addr; -- int stat; -+ int stat, fn, flags; - - /* This should include the current lease. */ - if (!rewrite && (leases_written++ > 20)) { -@@ -3063,13 +3121,23 @@ write_client6_lease(struct client_state - - if (leaseFile == NULL) { /* XXX? 
*/ - leaseFile = fopen(path_dhclient_db, "w"); -+ - if (leaseFile == NULL) { - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; - } -- if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { -- log_error ("failed to set close-on-exec for %s", path_dhclient_db); -- return ISC_R_IOERROR; -+ -+ fn = fileno(leaseFile); -+ flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } - } - } - -@@ -3152,7 +3220,7 @@ int write_client_lease (client, lease, r - int makesure; - { - struct data_string ds; -- int errors = 0; -+ int errors = 0, fn, flags; - char *s; - const char *tval; - -@@ -3170,13 +3238,23 @@ int write_client_lease (client, lease, r - - if (leaseFile == NULL) { /* XXX */ - leaseFile = fopen (path_dhclient_db, "w"); -+ - if (leaseFile == NULL) { - log_error ("can't create %s: %m", path_dhclient_db); - return 0; - } -- if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { -- log_error ("failed to set close-on-exec for %s", path_dhclient_db); -- return ISC_R_IOERROR; -+ -+ fn = fileno(leaseFile); -+ flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } - } - } - -@@ -3675,9 +3753,9 @@ void go_daemon () - close(2); - - /* Reopen them on /dev/null. 
*/ -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -- open("/dev/null", O_RDWR); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); -+ open("/dev/null", O_RDWR | O_CLOEXEC); - - write_client_pid_file (); - -@@ -3689,7 +3767,7 @@ void write_client_pid_file () - FILE *pf; - int pfdesc; - -- pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY, 0644); -+ pfdesc = open (path_dhclient_pid, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, 0644); - - if (pfdesc < 0) { - log_error ("Can't create %s: %m", path_dhclient_pid); -diff -up dhcp-4.0.0//common/bpf.c.cloexec dhcp-4.0.0//common/bpf.c ---- dhcp-4.0.0//common/bpf.c.cloexec 2008-07-01 15:36:54.000000000 -1000 -+++ dhcp-4.0.0//common/bpf.c 2008-07-01 17:23:40.000000000 -1000 -@@ -94,7 +94,7 @@ int if_register_bpf (info) - for (b = 0; 1; b++) { - /* %Audit% 31 bytes max. %2004.06.17,Safe% */ - sprintf(filename, BPF_FORMAT, b); -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.0.0//common/discover.c.cloexec dhcp-4.0.0//common/discover.c ---- dhcp-4.0.0//common/discover.c.cloexec 2008-07-01 15:36:54.000000000 -1000 -+++ dhcp-4.0.0//common/discover.c 2008-07-01 17:26:03.000000000 -1000 -@@ -387,6 +387,8 @@ begin_iface_scan(struct iface_conf_list - char buf[256]; - int len; - int i; -+ int fn; -+ int flags; - - ifaces->fp = fopen("/proc/net/dev", "r"); - if (ifaces->fp == NULL) { -@@ -394,6 +396,19 @@ begin_iface_scan(struct iface_conf_list - return 0; - } - -+ fn = fileno(ifaces->fp); -+ flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } -+ } -+ - /* - * The first 2 lines are header information, so read and ignore them. 
- */ -@@ -432,6 +447,19 @@ begin_iface_scan(struct iface_conf_list - ifaces->fp = NULL; - return 0; - } -+ -+ int fn = fileno(ifaces->fp6); -+ int flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } -+ } - #endif - - return 1; -diff -up dhcp-4.0.0//common/dlpi.c.cloexec dhcp-4.0.0//common/dlpi.c ---- dhcp-4.0.0//common/dlpi.c.cloexec 2008-07-01 15:36:54.000000000 -1000 -+++ dhcp-4.0.0//common/dlpi.c 2008-07-01 17:26:31.000000000 -1000 -@@ -795,7 +795,7 @@ dlpiopen(const char *ifname) { - } - *dp = '\0'; - -- return open (devname, O_RDWR, 0); -+ return open (devname, O_RDWR | O_CLOEXEC, 0); - } - - /* -diff -up dhcp-4.0.0//common/nit.c.cloexec dhcp-4.0.0//common/nit.c ---- dhcp-4.0.0//common/nit.c.cloexec 2008-07-01 15:36:54.000000000 -1000 -+++ dhcp-4.0.0//common/nit.c 2008-07-01 17:26:41.000000000 -1000 -@@ -81,7 +81,7 @@ int if_register_nit (info) - struct strioctl sio; - - /* Open a NIT device */ -- sock = open ("/dev/nit", O_RDWR); -+ sock = open ("/dev/nit", O_RDWR | O_CLOEXEC); - if (sock < 0) - log_fatal ("Can't open NIT device for %s: %m", info -> name); - -diff -up dhcp-4.0.0//common/resolv.c.cloexec dhcp-4.0.0//common/resolv.c ---- dhcp-4.0.0//common/resolv.c.cloexec 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0//common/resolv.c 2008-07-01 17:26:54.000000000 -1000 -@@ -48,7 +48,7 @@ void read_resolv_conf (parse_time) - struct name_server *sp, *sl, *ns; - struct domain_search_list *dp, *dl, *nd; - -- if ((file = open (path_resolv_conf, O_RDONLY)) < 0) { -+ if ((file = open (path_resolv_conf, O_RDONLY | O_CLOEXEC)) < 0) { - log_error ("Can't open %s: %m", path_resolv_conf); - return; - } -diff -up dhcp-4.0.0//common/upf.c.cloexec dhcp-4.0.0//common/upf.c ---- dhcp-4.0.0//common/upf.c.cloexec 2008-07-01 15:36:54.000000000 -1000 -+++ 
dhcp-4.0.0//common/upf.c 2008-07-01 17:27:04.000000000 -1000 -@@ -77,7 +77,7 @@ int if_register_upf (info) - /* %Audit% Cannot exceed 36 bytes. %2004.06.17,Safe% */ - sprintf(filename, "/dev/pf/pfilt%d", b); - -- sock = open (filename, O_RDWR, 0); -+ sock = open (filename, O_RDWR | O_CLOEXEC, 0); - if (sock < 0) { - if (errno == EBUSY) { - continue; -diff -up dhcp-4.0.0//dst/dst_support.c.cloexec dhcp-4.0.0//dst/dst_support.c ---- dhcp-4.0.0//dst/dst_support.c.cloexec 2007-12-05 14:50:22.000000000 -1000 -+++ dhcp-4.0.0//dst/dst_support.c 2008-07-01 17:31:47.000000000 -1000 -@@ -426,6 +426,8 @@ dst_s_fopen(const char *filename, const - FILE *fp; - char pathname[PATH_MAX]; - unsigned plen = sizeof(pathname); -+ int fn; -+ int flags; - - if (*dst_path != '\0') { - strcpy(pathname, dst_path); -@@ -442,6 +444,15 @@ dst_s_fopen(const char *filename, const - fp = fopen(pathname, mode); - if (perm) - chmod(pathname, perm); -+ -+ fn = fileno(fp); -+ flags = fcntl(fn, F_GETFD); -+ -+ if (flags != -1) { -+ flags |= FD_CLOEXEC; -+ flags = fcntl(fn, F_SETFD, flags); -+ } -+ - return (fp); - } - -diff -up dhcp-4.0.0//dst/prandom.c.cloexec dhcp-4.0.0//dst/prandom.c ---- dhcp-4.0.0//dst/prandom.c.cloexec 2007-11-30 11:51:43.000000000 -1000 -+++ dhcp-4.0.0//dst/prandom.c 2008-07-01 17:35:55.000000000 -1000 -@@ -267,7 +267,7 @@ get_dev_random(u_char *output, unsigned - - s = stat("/dev/random", &st); - if (s == 0 && S_ISCHR(st.st_mode)) { -- if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK)) != -1) { -+ if ((fd = open("/dev/random", O_RDONLY | O_NONBLOCK | O_CLOEXEC)) != -1) { - if ((n = read(fd, output, size)) < 0) - n = 0; - close(fd); -@@ -480,6 +480,12 @@ digest_file(dst_work *work) - } - if ((fp = fopen(name, "r")) == NULL) - return (0); -+ int fn = fileno(fp); -+ int flags = fcntl(fn, F_GETFD); -+ if (flags != -1) { -+ flags |= FD_CLOEXEC; -+ flags = fcntl(fn, F_SETFD, flags); -+ } - for (no = 0; (i = fread(buf, sizeof(*buf), sizeof(buf), fp)) > 0; - no += i) - 
dst_sign_data(SIG_MODE_UPDATE, work->file_digest, &ctx, -diff -up dhcp-4.0.0//minires/res_init.c.cloexec dhcp-4.0.0//minires/res_init.c ---- dhcp-4.0.0//minires/res_init.c.cloexec 2007-10-01 04:47:35.000000000 -1000 -+++ dhcp-4.0.0//minires/res_init.c 2008-07-01 17:44:26.000000000 -1000 -@@ -235,6 +235,14 @@ minires_vinit(res_state statp, int prein - line[sizeof(name) - 1] == '\t')) - - if ((fp = fopen(_PATH_RESCONF, "r")) != NULL) { -+ int fn = fileno(fp); -+ int flags = fcntl(fn, F_GETFD); -+ -+ if (flags != -1) { -+ flags |= FD_CLOEXEC; -+ flags = fcntl(fn, F_SETFD, flags); -+ } -+ - /* read the config file */ - while (fgets(buf, sizeof(buf), fp) != NULL) { - /* skip comments */ -diff -up dhcp-4.0.0//minires/res_query.c.cloexec dhcp-4.0.0//minires/res_query.c ---- dhcp-4.0.0//minires/res_query.c.cloexec 2007-09-05 07:32:10.000000000 -1000 -+++ dhcp-4.0.0//minires/res_query.c 2008-07-01 17:46:04.000000000 -1000 -@@ -387,12 +387,19 @@ res_hostalias(const res_state statp, con - unsigned char *cp1, *cp2; - char buf[BUFSIZ]; - FILE *fp; -+ int fn, flags; - - if (statp->options & RES_NOALIASES) - return (NULL); - file = getenv("HOSTALIASES"); - if (file == NULL || (fp = fopen(file, "r")) == NULL) - return (NULL); -+ fn = fileno(fp); -+ flags = fcntl(fn, F_GETFD); -+ if (flags != -1) { -+ flags |= FD_CLOEXEC; -+ flags = fcntl(fn, F_SETFD, flags); -+ } - setbuf(fp, NULL); - buf[sizeof(buf) - 1] = '\0'; - while (fgets(buf, sizeof(buf), fp)) { -diff -up dhcp-4.0.0//omapip/trace.c.cloexec dhcp-4.0.0//omapip/trace.c ---- dhcp-4.0.0//omapip/trace.c.cloexec 2007-07-12 20:43:42.000000000 -1000 -+++ dhcp-4.0.0//omapip/trace.c 2008-07-01 17:29:46.000000000 -1000 -@@ -140,10 +140,10 @@ isc_result_t trace_begin (const char *fi - return ISC_R_INVALIDARG; - } - -- traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL, 0600); -+ traceoutfile = open (filename, O_CREAT | O_WRONLY | O_EXCL | O_CLOEXEC, 0600); - if (traceoutfile < 0 && errno == EEXIST) { - log_error ("WARNING: 
Overwriting trace file \"%s\"", filename); -- traceoutfile = open (filename, O_WRONLY | O_EXCL, 0600); -+ traceoutfile = open (filename, O_WRONLY | O_EXCL | O_CLOEXEC, 0600); - } - - if (traceoutfile < 0) { -@@ -428,12 +428,28 @@ void trace_file_replay (const char *file - trace_type_t *ttype = (trace_type_t *)0; - isc_result_t result; - int len; -+ int fn; -+ int flags; - - traceinfile = fopen (filename, "r"); - if (!traceinfile) { - log_error ("Can't open tracefile %s: %m", filename); - return; - } -+ -+ fn = fileno(traceinfile); -+ flags = fcntl(fn, F_GETFD); -+ -+ if (flags == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } else { -+ flags |= FD_CLOEXEC; -+ -+ if (fcntl(fn, F_SETFD, flags) == -1) { -+ log_error("%s (%d): %s\n", __func__, __LINE__, strerror(errno)); -+ } -+ } -+ - #if defined (HAVE_SETFD) - if (fcntl (fileno (traceinfile), F_SETFD, 1) < 0) - log_error ("Can't set close-on-exec on %s: %m", filename); diff --git a/dhcp-4.0.0-inherit-leases.patch b/dhcp-4.0.0-inherit-leases.patch index b2d3593..642fdea 100644 --- a/dhcp-4.0.0-inherit-leases.patch +++ b/dhcp-4.0.0-inherit-leases.patch 
@@ -1,19 +1,34 @@ -diff -up dhcp-4.0.0//client/dhclient.c.inherit dhcp-4.0.0//client/dhclient.c ---- dhcp-4.0.0//client/dhclient.c.inherit 2008-08-01 09:49:36.000000000 -1000 -+++ dhcp-4.0.0//client/dhclient.c 2008-08-01 09:53:28.000000000 -1000 -@@ -2393,6 +2393,15 @@ void send_request (cpp) +diff -up dhcp-4.0.0/client/dhclient.c.inherit dhcp-4.0.0/client/dhclient.c +--- dhcp-4.0.0/client/dhclient.c.inherit 2008-08-01 11:34:29.000000000 -1000 ++++ dhcp-4.0.0/client/dhclient.c 2008-08-01 11:34:42.000000000 -1000 +@@ -2296,6 +2296,7 @@ void send_request (cpp) + { + struct client_state *client = cpp; + ++ int i; + int result; + int interval; + struct sockaddr_in destination; +@@ -2354,6 +2355,22 @@ void send_request (cpp) /* Now do a preinit on the interface so that we can discover a new address. */ script_init (client, "PREINIT", (struct string_list *)0); ++ + /* Has an active lease */ -+ if (client -> active && -+ client -> active -> is_bootp && -+ client -> active -> expiry > cur_time && -+ primary_address.s_addr != 0 && -+ client -> active -> address.len == 4 && -+ memcpy (client -> active -> address.iabuf, &primary_address, 4) == 0) -+ client_envadd (client, "", "keep_old_ip", "%s", "yes"); -+ ++ if (client -> interface -> addresses != NULL) { ++ for (i = 0; i < client -> interface -> address_count; i++) { ++ if (client -> active && ++ client -> active -> is_bootp && ++ client -> active -> expiry > cur_time && ++ client -> interface -> addresses[i].s_addr != 0 && ++ client -> active -> address.len == 4 && ++ memcpy (client -> active -> address.iabuf, &(client -> interface -> addresses[i]), 4) == 0) { ++ client_envadd (client, "", "keep_old_ip", "%s", "yes"); ++ break; ++ } ++ } ++ } ++ if (client -> alias) script_write_params (client, "alias_", client -> alias); diff --git a/dhcp-4.0.0-selinux.patch b/dhcp-4.0.0-selinux.patch deleted file mode 100644 index 9f76e49..0000000 --- a/dhcp-4.0.0-selinux.patch +++ /dev/null 
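Review bot: The address test inside the new loop is `memcpy (...) == 0`, which copies the interface address over `client -> active -> address.iabuf` and then compares the returned destination pointer with 0. The condition is therefore effectively never true, `keep_old_ip` is never set, and the stored lease address is overwritten whenever the earlier checks pass. The call should be `memcmp (client -> active -> address.iabuf, &(client -> interface -> addresses[i]), 4) == 0`. The old single-address version had the same call, so this rewrite carries the bug forward rather than introducing it. The checks on `client -> active` (`is_bootp`, `expiry`, `address.len`) do not depend on `i` and could be tested once before the loop; send_request's body starts and ends outside the inner hunks.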
@@ -1,48 +0,0 @@ -diff -up dhcp-4.0.0//client/dhclient.c.selinux dhcp-4.0.0//client/dhclient.c ---- dhcp-4.0.0//client/dhclient.c.selinux 2008-08-01 10:16:48.000000000 -1000 -+++ dhcp-4.0.0//client/dhclient.c 2008-08-01 10:16:48.000000000 -1000 -@@ -2708,6 +2708,11 @@ void rewrite_client_leases () - return; - } - -+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { -+ log_error ("failed to set close-on-exec for %s", path_dhclient_db); -+ return; -+ } -+ - /* If there is a default duid, write it out. */ - if (default_duid.len != 0) - write_duid(&default_duid); -@@ -2811,6 +2816,10 @@ write_duid(struct data_string *duid) - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; - } -+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { -+ log_error ("failed to set close-on-exec for %s", path_dhclient_db); -+ return ISC_R_IOERROR; -+ } - } - - /* It would make more sense to write this as a hex string, -@@ -2858,6 +2867,10 @@ write_client6_lease(struct client_state - log_error("can't create %s: %m", path_dhclient_db); - return ISC_R_IOERROR; - } -+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { -+ log_error ("failed to set close-on-exec for %s", path_dhclient_db); -+ return ISC_R_IOERROR; -+ } - } - - stat = fprintf(leaseFile, "lease6 {\n"); -@@ -2961,6 +2974,10 @@ int write_client_lease (client, lease, r - log_error ("can't create %s: %m", path_dhclient_db); - return 0; - } -+ if (fcntl(leaseFile, F_SETFD, FD_CLOEXEC) == -1) { -+ log_error ("failed to set close-on-exec for %s", path_dhclient_db); -+ return ISC_R_IOERROR; -+ } - } - - errno = 0; diff --git a/dhcp.spec b/dhcp.spec index 11d986c..a765fd9 100644 --- a/dhcp.spec +++ b/dhcp.spec 
@@ -43,10 +43,9 @@ Patch13: %{name}-4.0.0-dhclient-anycast.patch Patch14: %{name}-4.0.0-manpages.patch Patch15: %{name}-4.0.0-paths.patch Patch16: %{name}-4.0.0-NetworkManager-crash.patch -Patch17: %{name}-4.0.0-selinux.patch +Patch17: %{name}-4.0.0-FD_CLOEXEC.patch Patch18: %{name}-4.0.0-libdhcp4client.patch -Patch19: %{name}-4.0.0-O_CLOEXEC.patch -Patch20: %{name}-4.0.0-inherit-leases.patch +Patch19: %{name}-4.0.0-inherit-leases.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: autoconf @@ -191,17 +190,14 @@ client library. # Avoid crash when dhclient is run with NetworkManager %patch16 -p1 -# Set close-on-exec for dhclient.leases for SELinux (#446632) +# Make sure all open file descriptors are closed-on-exec for SELinux (#446632) %patch17 -p1 # Add the libdhcp4client target (library version of dhclient) %patch18 -p1 -# Make sure all open file descriptors are closed-on-exec for SELinux -%patch19 -p1 - # If we have an active lease, do not down the interface (#453982) -%patch20 -p1 +%patch19 -p1 # Copy in documentation and example scripts for LDAP patch to dhcpd %{__install} -p -m 0644 %{SOURCE5} . @@ -437,6 +433,7 @@ fi - Allow SEARCH variable in ifcfg files to override search path (#454152) - Do not down interface if there is an active lease (#453982) - Clean up how dhclient-script restarts ypbind +- Set close-on-exec on dhclient.leases for SELinux (#446632) * Sat Jun 21 2008 David Cantrell - 12:4.0.0-16 - Remove instaces of \032 in domain search option (#450042)
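Review bot: The comment now attached to `%patch17` reads "Make sure all open file descriptors are closed-on-exec for SELinux (#446632)", but the FD_CLOEXEC patch it applies only touches the lease file in client/dhclient.c. The O_CLOEXEC patch that covered the other open()/fopen() call sites is deleted in this same commit. Reusing the narrower wording of the new changelog entry, `# Set close-on-exec on dhclient.leases for SELinux (#446632)`, would stop a reader from assuming the pid file, packet-filter device and /dev/null descriptors are still covered. If those descriptors are still meant to be kept out of dhclient-script and other exec'd children, that coverage has to come from somewhere else, and nothing on this page shows where.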