]> git.ipfire.org Git - thirdparty/mdadm.git/commit - Monitor.c
projects / thirdparty / mdadm.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 32e5a4e) | patch
Mark some files FD_CLOEXEC to protect sendmail from them.
authorDoug Ledford <dledford@redhat.com>
Sun, 8 Jul 2007 23:59:54 +0000 (09:59 +1000)
committerNeil Brown <neilb@suse.de>
Sun, 8 Jul 2007 23:59:54 +0000 (09:59 +1000)
commite4dc510628a8c2d7b92c8ed537987716175a23a2
tree079411e5d3d0226bd440a8d6ddc3b3593a511d71tree | snapshot
parent32e5a4ee4c7a310c67faa7d1301af2ae6d75e884commit | diff
Mark some files FD_CLOEXEC to protect sendmail from them.

From: Doug Ledford <dledford@redhat.com>

When running with SELinux enabled and using mdadm to monitor devices,
attempts to send emails to an admin will be blocked because mdadm is
holding open /proc/mdstat without setting the FD_CLOEXEC flag.  As a
result, sendmail has an open descriptor to /proc/mdstat after the
popen() call, which SELinux decides isn't really any of sendmail's
business and so sendmail gets denied.
Monitor.c diff | blob | blame | history
mdstat.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.