Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 508499

Summary: dbus is leaking open file descriptor in inotify_init
Product: Red Hat Enterprise Linux 5 Reporter: Matthias Clasen <mclasen>
Component: dbusAssignee: Matthias Clasen <mclasen>
Status: CLOSED WONTFIX QA Contact: desktop-bugs <desktop-bugs>
Severity: medium Docs Contact:
Priority: low    
Version: 5.5CC: eparis, mclasen, selinux, walters
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 505338 Environment:
Last Closed: 2014-06-02 13:07:38 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 505338    
Bug Blocks:    

Description Matthias Clasen 2009-06-27 23:09:08 UTC 
+++ This bug was initially created as a clone of Bug #505338 +++

Created an attachment (id=347420)
inotify patch to stop leak

Description of problem:

Should be back ported to F11, F10, RHEL5 if possible.  Just causes lots of AVC's in domains that do not use inotify.

--- Additional comment from eparis on 2009-06-11 11:02:03 EDT ---

I wouldn't really suggest that particular patch....

but it's close.  you can make it inotify_init1() which takes flags like IN_CLOEXEC, but inotify_init() takes a void.  inotify_init1 requires a newer kernel.  the safest most backwards compatible way would be to add

int flags;
flags = fcntl(inotify_fd, F_GETFD);
if (flags == -1)
    /* Handle error */;
flags |= FD_CLOEXEC;
fcntl(inotify_fd, F_SETFD, flags);

--- Additional comment from mclasen on 2009-06-11 15:21:03 EDT ---

Hmm, I guess other inotify using code should get the same fix ? Such as the file monitoring code in gio...

--- Additional comment from dwalsh on 2009-06-11 17:47:58 EDT ---

If they are going to execute a confined domain, then they need to make sure all file descriptors are locked before exec.  Otherwise the confined apps end up with avc's suggesting they need inotify.  So far we have found cron and dbus with this problem.

--- Additional comment from mclasen on 2009-06-27 18:54:51 EDT ---

Filed upstream: https://bugs.freedesktop.org/show_bug.cgi?id=22516
Comment 2 RHEL Program Management 2014-03-07 13:39:14 UTC 
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.
Comment 3 RHEL Program Management 2014-06-02 13:07:38 UTC 
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).