libselinux/0023-libselinux-label_db-db_init-open-file-with-CLOEXEC-m.patch
Petr Lautrbach 3b5b188591 libselinux-3.2-3
- selinux_check_passwd_access_internal(): respect deny_unknown
- Silence -Wstringop-overflow warning from gcc 10.3.1
- Fixed misc compiler and static analyzer findings

Resolves: rhbz#1938789
2021-05-25 15:44:10 +02:00

37 lines
1.1 KiB
Diff

From 370b39312430af8fc0426cc91a287def5d253771 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>
Date: Mon, 3 May 2021 17:11:19 +0200
Subject: [PATCH] libselinux: label_db::db_init(): open file with CLOEXEC mode
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Open the file stream with the `e` flag, so that the underlying file
descriptor gets closed on an exec in a potential sibling thread.
Also drop the flag `b`, since it is ignored on POSIX systems.
Found by clang-tidy.
Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
---
libselinux/src/label_db.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c
index fba96c92299f..94c05c6d4397 100644
--- a/libselinux/src/label_db.c
+++ b/libselinux/src/label_db.c
@@ -277,7 +277,7 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
if (!path)
path = selinux_sepgsql_context_path();
- if ((filp = fopen(path, "rb")) == NULL) {
+ if ((filp = fopen(path, "re")) == NULL) {
free(catalog);
return NULL;
}
--
2.32.0.rc1