Bug 496973 - Crond leaks its inotify file descriptor
Summary: Crond leaks its inotify file descriptor
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: cronie
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Marcela Mašláňová
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2009-04-21 21:20 UTC by Eric Paris
Modified: 2009-04-23 09:30 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2009-04-23 09:30:44 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description Eric Paris 2009-04-21 21:20:01 UTC
src/cron.c::main() has this call to set up the inotify file descriptor

        database.ifd = fd = inotify_init();
        if (fd < 0)
                log_it("CRON", pid, "INFO", "Inotify init failed", errno);
        set_cron_watched(fd);

But this means that fd is going to be leaked to it's children on exec.  SELinux spotted denials that are almost certainly because of this leaked file descriptor across execve.

I suggest using

databse.ifd = fd = inotify_init1(IN_CLOEXEC)

instead of just inotify_init()

Comment 1 Marcela Mašláňová 2009-04-23 09:30:44 UTC
Thanks for report.

It's better to use fcntl here, because inotify_init1 is used since kernel-2.6.27 and cronie should be used also with older kernels.


Note You need to log in before you can comment on or make changes to this bug.