Red Hat Bugzilla – Bug 508499
dbus is leaking open file descriptor in inotify_init
Last modified: 2014-06-02 09:07:38 EDT
+++ This bug was initially created as a clone of Bug #505338 +++
Created an attachment (id=347420)
inotify patch to stop leak
Description of problem:
Should be back ported to F11, F10, RHEL5 if possible. Just causes lots of AVC's in domains that do not use inotify.
--- Additional comment from email@example.com on 2009-06-11 11:02:03 EDT ---
I wouldn't really suggest that particular patch....
but it's close. you can make it inotify_init1() which takes flags like IN_CLOEXEC, but inotify_init() takes a void. inotify_init1 requires a newer kernel. the safest most backwards compatible way would be to add
flags = fcntl(inotify_fd, F_GETFD);
if (flags == -1)
/* Handle error */;
flags |= FD_CLOEXEC;
fcntl(inotify_fd, F_SETFD, flags);
--- Additional comment from firstname.lastname@example.org on 2009-06-11 15:21:03 EDT ---
Hmm, I guess other inotify using code should get the same fix ? Such as the file monitoring code in gio...
--- Additional comment from email@example.com on 2009-06-11 17:47:58 EDT ---
If they are going to execute a confined domain, then they need to make sure all file descriptors are locked before exec. Otherwise the confined apps end up with avc's suggesting they need inotify. So far we have found cron and dbus with this problem.
--- Additional comment from firstname.lastname@example.org on 2009-06-27 18:54:51 EDT ---
Filed upstream: https://bugs.freedesktop.org/show_bug.cgi?id=22516
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).