From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3

Description of problem:
Running strict enforcing off of Rawhide, udev is still leaking fds across execs, especially execs of /sbin/restorecon.

Here is an example avc showing the leak:

Aug 14 19:35:38 fedora kernel: audit(1092537300.503:0): avc: denied { read write } for pid=1214 exe=/sbin/restorecon path=socket:[1188] dev=sockfs ino=1188 scontext=system_u:system_r:restorecon_t tcontext=system_u:system_r:udev_t tclass=unix_dgram_socket

It appears that udev is not calling fcntl(fd, F_SETFD, FD_CLOEXEC) on some file descriptors. Here is a patch to /etc/dev.d/default/selinux.dev that closes enough (all?) of the problematic file descriptors before exec-ing /sbin/restorecon, but I think the proper fix is to call fcntl(..., ..., FD_CLOEXEC).

--- selinux.dev 2004-08-15 08:58:13.000000000 -0700
+++ /etc/dev.d/default/selinux.dev 2004-08-14 20:19:12.000000000 -0700
@@ -10,5 +10,5 @@
     if [ "$UDEV_LOG" = "yes" -a -x /usr/bin/logger ]; then
         /usr/bin/logger -t selinux.dev -p auth.debug "Restoring file security contexts for $DEVNAME"
     fi
-    /sbin/restorecon $DEVNAME 4<&-
+    /sbin/restorecon $DEVNAME 3<&- 4<&- 5<&- 6<&-
 fi

Version-Release number of selected component (if applicable):
udev-030-3

How reproducible:
Always

Steps to Reproduce:
1. run with SELinux strict/enforcing
2. look at log
3.

Additional info:
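Review bot: the added redirections `3<&- 4<&- 5<&- 6<&-` in the `+` line close fixed descriptor numbers, but nothing in the hunk guarantees the leaked udev socket lands in that range; the avc line identifies the socket only by inode (ino=1188), not by descriptor number, so a udev that has a different number of descriptors open when it runs the dev.d script would still leak one, or the script would close nothing. As the description itself says, the robust fix is for udev to set FD_CLOEXEC on its own descriptors; if the script workaround is kept, a comment above the `/sbin/restorecon` line stating which udev descriptors 3 through 6 are expected to be would help whoever next edits it.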
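An added example (not code from the bug report or from udev) of the fcntl(fd, F_SETFD, FD_CLOEXEC) fix the description asks for: a unix datagram socket is either left as-is or marked close-on-exec, and an exec'd /bin/sh (assumed to exist) reports whether it inherited the descriptor, the way /sbin/restorecon inherited udev's socket in the avc above.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Mark fd close-on-exec without disturbing its other fd flags.
 * Returns 0 on success, -1 on error (e.g. fd is not open). */
int set_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0) return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Fork and exec /bin/sh (assumed present) and ask it whether descriptor fd
 * is still open in the exec'd child: ": >&N" fails when N is closed.
 * Returns 1 if the child inherited fd, 0 if not, -1 on fork/wait failure. */
int fd_leaks_across_exec(int fd) {
    char cmd[64];
    snprintf(cmd, sizeof cmd, ": >&%d", fd);
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int devnull = open("/dev/null", O_WRONLY);   /* silence sh's error text */
        if (devnull >= 0) { dup2(devnull, 2); close(devnull); }
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

/* Create a unix datagram socket pair (the socket type in the avc above),
 * optionally mark both ends close-on-exec, and check one end from an
 * exec'd child.  Returns 1 (leaked), 0 (closed before exec), -1 on error. */
int demo_leak(int use_cloexec) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) return -1;
    if (use_cloexec && (set_cloexec(sv[0]) < 0 || set_cloexec(sv[1]) < 0)) return -1;
    int leaked = fd_leaks_across_exec(sv[0]);
    close(sv[0]);
    close(sv[1]);
    return leaked;
}

int main(void) {
    printf("without FD_CLOEXEC: leaked=%d\n", demo_leak(0));  /* prints 1 */
    printf("with    FD_CLOEXEC: leaked=%d\n", demo_leak(1));  /* prints 0 */
    return 0;
}
```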
*** This bug has been marked as a duplicate of 130351 ***
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.