Fix more selinux cloexec issues.
This commit is contained in:
athimm
parent
0894832f73
commit
91ef859ed6
2 changed files with 42 additions and 1 deletions
35
asyncserver.start_selinux.patch
Normal file
35
asyncserver.start_selinux.patch
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
From 20c717c25c5d180b720bec6902475f07b02f8b87 Mon Sep 17 00:00:00 2001
|
||||
From: Jonathan G. Underwood <jonathan.underwood@gmail.com>
|
||||
Date: Sun, 3 Jan 2010 02:16:09 +0000
|
||||
Subject: [PATCH] Set socket file descriptor in AsyncServer.start to be CLOEXEC
|
||||
|
||||
https://bugzilla.redhat.com/show_bug.cgi?id=522767
|
||||
---
|
||||
server/asyncserver.py | 4 +++-
|
||||
1 files changed, 3 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/server/asyncserver.py b/server/asyncserver.py
|
||||
index 35cebf1..96b62d0 100644
|
||||
--- a/server/asyncserver.py
|
||||
+++ b/server/asyncserver.py
|
||||
@@ -26,7 +26,7 @@ __license__ = "GPL"
|
||||
|
||||
from pickle import dumps, loads, HIGHEST_PROTOCOL
|
||||
from common import helpers
|
||||
-import asyncore, asynchat, socket, os, logging, sys, traceback
|
||||
+import asyncore, asynchat, socket, os, logging, sys, traceback, fcntl
|
||||
|
||||
# Gets the instance of the logger.
|
||||
logSys = logging.getLogger("fail2ban.server")
|
||||
@@ -126,6 +126,8 @@ class AsyncServer(asyncore.dispatcher):
|
||||
raise AsyncServerException("Server already running")
|
||||
# Creates the socket.
|
||||
self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
|
||||
+ fd = self.fileno()
|
||||
+ fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)
|
||||
self.set_reuse_addr()
|
||||
try:
|
||||
self.bind(sock)
|
||||
--
|
||||
1.6.5.2
|
||||
|
||||
|
|
@ -4,7 +4,7 @@
|
|||
Summary: Ban IPs that make too many password failures
|
||||
Name: fail2ban
|
||||
Version: 0.8.4
|
||||
Release: 23%{?dist}
|
||||
Release: 24%{?dist}
|
||||
License: GPLv2+
|
||||
Group: System Environment/Daemons
|
||||
URL: http://fail2ban.sourceforge.net/
|
||||
|
|
@ -14,6 +14,7 @@ Patch0: fail2ban-0.8.3-init.patch
|
|||
Patch1: fail2ban-0.8.1-sshd.patch
|
||||
Patch3: fail2ban-0.8.2-fd_cloexec.patch
|
||||
Patch6: fail2ban-0.8.3-log2syslog.patch
|
||||
Patch7: asyncserver.start_selinux.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
|
||||
BuildRequires: python-devel >= 2.3
|
||||
BuildArch: noarch
|
||||
|
|
@ -33,6 +34,7 @@ failures. It updates firewall rules to reject the IP address.
|
|||
%patch1 -p1 -b .sshd
|
||||
%patch3 -p1 -b .fd_cloexec
|
||||
%patch6 -p1 -b .log2syslog
|
||||
%patch7 -p1 -b .fd_cloexec2
|
||||
|
||||
%build
|
||||
python setup.py build
|
||||
|
|
@ -82,6 +84,10 @@ fi
|
|||
%dir %{_localstatedir}/run/fail2ban
|
||||
|
||||
%changelog
|
||||
* Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24
|
||||
- Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to
|
||||
cloexec another fd leak.
|
||||
|
||||
* Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23
|
||||
- update to 0.8.4.
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue