rpms/kexec-tools
7
0
Fork 0
Code Issues Pull Requests Releases Activity
Unnamed repository
542 Commits 9 Branches 65 Tags 6.5 MiB
Shell 91.1%
Roff 8.9%
59934ba188
Go to file
WANG Chao 59934ba188 kdumpctl: Avoid leaking fd to subshell 
We only allow one instance of kdump service running at each time by
flock /var/lock/kdump which is opened as fd 9 in kdumpctl script.

However a leaking fd issue has been discovered by SELinux:

When executing a specific shell command (not the shell built-in but
provided by other packages, in this case - restorecon) in kdumpctl,
current shell will fork a new subshell for executing and
the subshell will inherit open fd 9 from parent shell. And SELinux
detects that subshell is holding the open fd and consider fd 9 is
leaked.

To avoid this kind of leaking, the most easy way seems to be breaking our
kdumpctl code out into two parts:
- A top level parent shell, which is only used to deal with the lock and
  invoking the subshell below.
- A 2nd tier level subshell, which is closing the inherited open fd at
  very first and doing the rest of the kdumpctl job. So that it isn't
  leaking fd to its subshell when executing like restorecon, etc.

To be easy to understand, the callgraph is roughly like below:
[..]
--> open(9)
--> flock(9)
--> fork
  --> close(9)      <-- we close 9 right here
  --> main()        <-- we're now doing the real job
  --> [..]
  --> fork()
    --> restorecon  <-- we don't leak fd 9 to child process
  --> [..]
--> [..]

As shown above, a wrapper main() is added as the 2nd tier level shell in
this kind of call model. So we can completely avoid leaking fd to
subshell.

Signed-off-by: WANG Chao <chaowang@redhat.com>
Acked-by: Vivek Goyal <vgoyal@redhat.com>
2013-11-28 11:39:20 +08:00
po Update translation file po/it.po 2013-01-28 14:02:09 +08:00
.gitignore pull makedumpfile-1.5.4 2013-07-12 10:50:10 +08:00
98-kexec.rules udev rules fix 2012-05-28 09:50:47 +08:00
dracut-kdump.sh Add rd.memdebug in kdump module 2013-11-28 11:39:18 +08:00
dracut-module-setup.sh Strip inline comments from the kdump config file before use 2013-09-27 10:09:25 +08:00
dracut-monitor_dd_progress monitor-dd-progress fix 2013-06-25 16:45:59 +08:00
firstboot_kdump.py firstboot:fix reserve mem ui spinbox step size 2012-12-12 17:15:10 +08:00
kdump-lib.sh kdump-lib.sh: strip_comments is not implemented correcty 2013-10-12 16:00:12 +08:00
kdump.conf add dracut_args option to kdump.conf 2013-04-27 10:44:48 +08:00
kdump.conf.5 add dracut_args option to kdump.conf 2013-04-27 10:44:48 +08:00
kdump.init - Fix a syntax error in kdump init script 2010-06-13 21:54:34 +00:00
kdump.service kdump.service: Start kdump after network is online and remote fs is mounted 2013-09-27 10:07:13 +08:00
kdump.sysconfig do not mount root twice 2012-07-12 11:15:35 +08:00
kdump.sysconfig.i386 kdump.sysconfig: default to "nofail" mount 2013-09-27 15:45:24 +08:00
kdump.sysconfig.ia64 Mass Update of RHEL5 patches 2008-06-05 15:18:53 +00:00
kdump.sysconfig.ppc64 kdump.sysconfig: default to "nofail" mount 2013-09-27 15:45:24 +08:00
kdump.sysconfig.s390x kdump.sysconfig: default to "nofail" mount 2013-09-27 15:45:24 +08:00
kdump.sysconfig.x86_64 kdump.sysconfig: default to "nofail" mount 2013-09-27 15:45:24 +08:00
kdumpctl kdumpctl: Avoid leaking fd to subshell 2013-11-28 11:39:20 +08:00
kexec-kdump-howto.txt kexec-kdump-howto: Add a section for debugging tips 2013-06-25 14:01:57 +08:00
kexec-tools-2.0.3-build-makedumpfile-eppic-shared-object.patch pull makedumpfile-1.5.4 2013-07-12 10:50:10 +08:00
kexec-tools-2.0.3-disable-kexec-test.patch Disable kexec_test 2012-01-21 16:56:07 +08:00
kexec-tools-2.0.4-kdump-x86-Process-multiple-Crash-kernel-in-proc-iome.patch kdump, x86: Process multiple Crash kernel in /proc/iomem 2013-10-29 13:17:31 +08:00
kexec-tools-2.0.4-kexec-i386-Add-cmdline_add_memmap_internal-to-reduce.patch Back port 2 revert commits 2013-09-27 17:01:24 +08:00
kexec-tools-2.0.4-makedumpfile-Add-vmap_area_list-definition-for-ppc-ppc64.patch makedumpfile: Add vmap_area_list definition for ppc/ppc64. 2013-07-18 16:05:56 +08:00
kexec-tools-2.0.4-makedumpfile-cache-Allocate-buffers-at-initialization-t.patch fix sadump format phys_base calculating error 2013-10-29 13:28:26 +08:00
kexec-tools-2.0.4-makedumpfile-cache-Reuse-entry-in-pending-list.patch fix sadump format phys_base calculating error 2013-10-29 13:28:26 +08:00
kexec-tools-2.0.4-makedumpfile-disable-mmap.patch makedumpfile: disable mmap 2013-11-15 13:32:20 +08:00
kexec-tools-2.0.4-makedumpfile-Fix-max_mapnr-issue-on-system-has-over-44-b.patch Fix max_mapnr issue on system has over 44-bit addressing. 2013-10-28 17:33:16 +08:00
kexec-tools-2.0.4-makedumpfile-PATCH-Support-newer-kernels.patch makedumpfile support kernel 3.10 2013-09-27 10:05:33 +08:00
kexec-tools-2.0.4-makedumpfile-Update-pfn_cyclic-when-the-cyclic-buffer-size-.patch makedumpfile: wrong cyclic buffer size recalculation causes bitmap data corruption 2013-10-29 13:15:46 +08:00
kexec-tools-2.0.4-makedumpfile-Use-divideup-to-calculate-maximum-required-bit.patch makedumpfile: wrong cyclic buffer size recalculation causes bitmap data corruption 2013-10-29 13:15:46 +08:00
kexec-tools-2.0.4-Revert-kexec-include-reserved-e820-sections-in-crash.patch Back port 2 revert commits 2013-09-27 17:01:24 +08:00
kexec-tools-2.0.4-Revert-kexec-lengthen-the-kernel-command-line-image.patch Back port 2 revert commits 2013-09-27 17:01:24 +08:00
kexec-tools.spec Release 2.0.4-13 2013-11-15 13:34:11 +08:00
mkdumprd kdump.sysconfig: default to "nofail" mount 2013-09-27 15:45:24 +08:00
mkdumprd.8 Remove comma which is redundant 2013-02-16 15:19:41 +08:00
rhcrashkernel-param rhcrashkernel-param: echo crashkernel=auto for rhel7 2012-08-20 15:01:47 +08:00
sources pull makedumpfile-1.5.4 2013-07-12 10:50:10 +08:00
zanata-notes.txt Add a notes for zanata process 2012-12-05 01:23:09 -05:00