Bug 505338
| Summary: | dbus is leaking open file descriptor in inotify_init | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Daniel Walsh <dwalsh> | ||||
| Component: | dbus | Assignee: | David Zeuthen <davidz> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | rawhide | CC: | davidz, eparis, mclasen, selinux, walters | ||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | 1.2.12-2.fc11 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 508499 (view as bug list) | Environment: | |||||
| Last Closed: | 2009-07-22 21:42:11 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 508499 | ||||||
| Attachments: |
|
||||||
I wouldn't really suggest that particular patch....
but it's close. you can make it inotify_init1() which takes flags like IN_CLOEXEC, but inotify_init() takes a void. inotify_init1 requires a newer kernel. the safest most backwards compatible way would be to add
int flags;
flags = fcntl(inotify_fd, F_GETFD);
if (flags == -1)
/* Handle error */;
flags |= FD_CLOEXEC;
fcntl(inotify_fd, F_SETFD, flags);
Hmm, I guess other inotify using code should get the same fix ? Such as the file monitoring code in gio... If they are going to execute a confined domain, then they need to make sure all file descriptors are locked before exec. Otherwise the confined apps end up with avc's suggesting they need inotify. So far we have found cron and dbus with this problem. Filed upstream: https://bugs.freedesktop.org/show_bug.cgi?id=22516 dbus-1.2.12-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/dbus-1.2.12-2.fc11 dbus-1.2.4-4.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/dbus-1.2.4-4.fc10 dbus-1.2.4-4.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update dbus'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-7130 dbus-1.2.12-2.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update dbus'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-7136 dbus-1.2.4-4.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. dbus-1.2.12-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report. |
Created attachment 347420 [details] inotify patch to stop leak Description of problem: Should be back ported to F11, F10, RHEL5 if possible. Just causes lots of AVC's in domains that do not use inotify.