First Last Prev Next    This bug is not in your last search results.
Bug 496973 - Crond leaks its inotify file descriptor
Crond leaks its inotify file descriptor
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: cronie (Show other bugs)
rawhide
All Linux
low Severity medium
: ---
: ---
Assigned To: Marcela Mašláňová
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-04-21 17:20 EDT by Eric Paris
Modified: 2009-04-23 05:30 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-23 05:30:44 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Eric Paris 2009-04-21 17:20:01 EDT 
src/cron.c::main() has this call to set up the inotify file descriptor

        database.ifd = fd = inotify_init();
        if (fd < 0)
                log_it("CRON", pid, "INFO", "Inotify init failed", errno);
        set_cron_watched(fd);

But this means that fd is going to be leaked to it's children on exec.  SELinux spotted denials that are almost certainly because of this leaked file descriptor across execve.

I suggest using

databse.ifd = fd = inotify_init1(IN_CLOEXEC)

instead of just inotify_init()
Comment 1 Marcela Mašláňová 2009-04-23 05:30:44 EDT 
Thanks for report.

It's better to use fcntl here, because inotify_init1 is used since kernel-2.6.27 and cronie should be used also with older kernels.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.