From 870170efea83e194e32ca1249e083e6f079b98aa Mon Sep 17 00:00:00 2001 From: Simon McVittie Date: Wed, 19 Aug 2015 23:47:40 +0100 Subject: [PATCH] audit: make the first few fds close-on-exec libcap-ng < 0.7.7 leaks one non-close-on-exec fd during initialization. test-bus asserts that all fds beyond 2 passed to an executed subprocess have the close-on-exec flag set, which will fail at that leaked fd. This was unnoticed until commit 517c4685, because libaudit was previously only initialized if we were configured to switch uid, which the regression tests do not do; the system bus is normally the only place that happens, but the system bus is not normally run with the "embedded tests" enabled (since they are bad for performance and security). --- bus/audit.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/bus/audit.c b/bus/audit.c index 954afa7..7705e42 100644 --- a/bus/audit.c +++ b/bus/audit.c @@ -52,8 +52,15 @@ void bus_audit_init (BusContext *context) { #ifdef HAVE_LIBAUDIT + int i; + capng_get_caps_process (); + /* Work around a bug in libcap-ng < 0.7.7: it leaks a fd, which isn't + * close-on-exec. Assume it will be one of the first few fds. */ + for (i = 3; i < 42; i++) + _dbus_fd_set_close_on_exec (i); + if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_AUDIT_WRITE)) return; -- 2.5.0