From 7b142317419beb97f4815159177a3dd96c76c282 Mon Sep 17 00:00:00 2001
From: Joe MacDonald
Date: Fri, 11 Oct 2013 10:50:47 -0400
Subject: libselinux / policycoreutils: optional O_CLOEXEC [ CQID: WIND00438478 ] We still have hosts that pre-date the inclusion of O_CLOEXEC (Linux 2.6.23) so compile the flag out when building on classic distros.
Signed-off-by: Joe MacDonald
Signed-off-by: Jeff Polk
Signed-off-by: Mark Hatle
---
 .../libselinux-make-O_CLOEXEC-optional.patch | 105 +++++++++++++++++++++
 recipes-security/selinux/libselinux_2.1.13.bb | 1 +
 .../policycoreutils-make-O_CLOEXEC-optional.patch | 45 +++++++++
 recipes-security/selinux/policycoreutils_2.1.14.bb | 1 +
 4 files changed, 152 insertions(+)
 create mode 100644 recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
 create mode 100644 recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
diff --git a/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
new file mode 100644
index 0000000..453334e
--- /dev/null
+++ b/recipes-security/selinux/libselinux/libselinux-make-O_CLOEXEC-optional.patch
@@ -0,0 +1,105 @@
+From 0a8c1c5f3d866d3a3c0f95653416f5f72587ce3a Mon Sep 17 00:00:00 2001
+From: Joe MacDonald
+Date: Fri, 11 Oct 2013 09:56:25 -0400
+Subject: [PATCH 2/2] libselinux: make O_CLOEXEC optional
+
+Various commits in the selinux tree in the current release added O_CLOEXEC
+to open() calls in an attempt to address file descriptor leaks as
+described:
+
+ http://danwalsh.livejournal.com/53603.html
+
+However O_CLOEXEC isn't available on all platforms, so make it a
+compile-time option and generate a warning when it is not available. The
+actual impact of leaking these file descriptors is minimal, though it does
+produce curious AVC Denied messages.
+
+Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
+
+Signed-off-by: Joe MacDonald
+---
+ src/label_file.c | 8 +++++++-
+ src/procattr.c | 8 +++++++-
+ src/sestatus.c | 8 +++++++-
+ src/stringrep.c | 8 +++++++-
+ 4 files changed, 28 insertions(+), 4 deletions(-)
+
+diff --git a/src/label_file.c b/src/label_file.c
+index 5f697f3..49bb8df 100644
+--- a/src/label_file.c
++++ b/src/label_file.c
+@@ -255,7 +255,13 @@ static int load_mmap(struct selabel_handle *rec, const char *path, struct stat *
+ if (rc >= sizeof(mmap_path))
+ return -1;
+
+- mmapfd = open(mmap_path, O_RDONLY | O_CLOEXEC);
++ mmapfd = open(mmap_path, O_RDONLY
++#ifdef O_CLOEXEC
++ | O_CLOEXEC
++#else
++#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
++#endif
++ );
+ if (mmapfd < 0)
+ return -1;
+
+diff --git a/src/procattr.c b/src/procattr.c
+index 6c5b45a..6cfe589 100644
+--- a/src/procattr.c
++++ b/src/procattr.c
+@@ -86,7 +86,13 @@ static int openattr(pid_t pid, const char *attr, int flags)
+ if (rc < 0)
+ return -1;
+
+- fd = open(path, flags | O_CLOEXEC);
++ fd = open(path, flags
++#ifdef O_CLOEXEC
++ | O_CLOEXEC
++#else
++#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
++#endif
++ );
+ free(path);
+ return fd;
+ }
+diff --git a/src/sestatus.c b/src/sestatus.c
+index ed29dc5..0cb15b6 100644
+--- a/src/sestatus.c
++++ b/src/sestatus.c
+@@ -268,7 +268,13 @@ int selinux_status_open(int fallback)
+ return -1;
+
+ snprintf(path, sizeof(path), "%s/status", selinux_mnt);
+- fd = open(path, O_RDONLY | O_CLOEXEC);
++ fd = open(path, O_RDONLY
++#ifdef O_CLOEXEC
++ | O_CLOEXEC
++#else
++#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
++#endif
++ );
+ if (fd < 0)
+ goto error;
+
+diff --git a/src/stringrep.c b/src/stringrep.c
+index ba75ccd..e6ccfd5 100644
+--- a/src/stringrep.c
++++ b/src/stringrep.c
+@@ -258,7 +258,13 @@ static struct discover_class_node * discover_class(const char *s)
+ struct stat m;
+
+ snprintf(path, sizeof path, "%s/class/%s/perms/%s", selinux_mnt,s,dentry->d_name);
+- fd = open(path, O_RDONLY | O_CLOEXEC);
++ fd = open(path, O_RDONLY
++#ifdef O_CLOEXEC
++ | O_CLOEXEC
++#else
++#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
++#endif
++ );
+ if (fd < 0)
+ goto err4;
+
+--
+1.7.10.4
+
diff --git a/recipes-security/selinux/libselinux_2.1.13.bb b/recipes-security/selinux/libselinux_2.1.13.bb
index 404d6f5..28b1ff1 100644
--- a/recipes-security/selinux/libselinux_2.1.13.bb
+++ b/recipes-security/selinux/libselinux_2.1.13.bb
@@ -12,4 +12,5 @@ SRC_URI += "\
 file://libselinux-fix-init-load-policy.patch \
 file://libselinux-pcre-link-order.patch \
 file://libselinux-drop-Wno-unused-but-set-variable.patch \
+ file://libselinux-make-O_CLOEXEC-optional.patch \
 "
diff --git a/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
new file mode 100644
index 0000000..aaaa1e5
--- /dev/null
+++ b/recipes-security/selinux/policycoreutils/policycoreutils-make-O_CLOEXEC-optional.patch
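Review bot: The new `#else` branch at every open() site (load_mmap in label_file.c, openattr in procattr.c, selinux_status_open in sestatus.c, discover_class in stringrep.c, and local_server in restorecond/user.c in the policycoreutils patch hunk below) only emits a `#warning` and then returns a descriptor with no close-on-exec protection, so the leak the original O_CLOEXEC commits closed is reintroduced on exactly the hosts this patch targets. The portable fallback is to set the flag after the open with `fcntl(fd, F_SETFD, FD_CLOEXEC)`, declared by the same `<fcntl.h>` that open() needs; it leaves a short window between open() and fcntl() in a process that forks and execs concurrently, which is far narrower than leaking the descriptor for its whole lifetime, and that caveat belongs in a comment at the call. Note that `#ifdef O_CLOEXEC` only shows the headers define the flag, not that the running kernel honours it, so if the fcntl() call is made unconditionally rather than under `#ifndef` it presumably also covers newer headers on an older kernel that ignores the bit. Separately, the header tag in both new patch files is spelled `Uptream-Status:`; the Yocto convention is `Upstream-Status:`, and tooling keyed on the exact tag will not recognise it. Each inner function (load_mmap and the others) starts and ends outside its hunk.
```c
	mmapfd = open(mmap_path, O_RDONLY
#ifdef O_CLOEXEC
		      | O_CLOEXEC
#endif
		      );
	if (mmapfd < 0)
		return -1;
#ifndef O_CLOEXEC
	/* Headers predate O_CLOEXEC: set close-on-exec after the fact.
	 * A concurrent fork()+exec() between open() and this call can
	 * still inherit the descriptor; far narrower than leaking it. */
	(void)fcntl(mmapfd, F_SETFD, FD_CLOEXEC);
#endif
	/* … unchanged: rest of load_mmap; same pattern at the other four sites … */
```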
@@ -0,0 +1,45 @@
+From dca6a89058d818827d6f1c80c9b6abb46002b855 Mon Sep 17 00:00:00 2001
+From: Joe MacDonald
+Date: Fri, 11 Oct 2013 09:55:43 -0400
+Subject: [PATCH 1/2] policycoreutils: make O_CLOEXEC optional
+
+Various commits in the selinux tree in the current release added O_CLOEXEC
+to open() calls in an attempt to address file descriptor leaks as
+described:
+
+ http://danwalsh.livejournal.com/53603.html
+
+However O_CLOEXEC isn't available on all platforms, so make it a
+compile-time option and generate a warning when it is not available. The
+actual impact of leaking these file descriptors is minimal, though it does
+produce curious AVC Denied messages.
+
+Uptream-Status: Inappropriate [O_CLOEXEC has been in Linux since 2007 and POSIX since 2008]
+
+Signed-off-by: Joe MacDonald
+---
+ restorecond/user.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/restorecond/user.c b/restorecond/user.c
+index 00a646f..50f3ab6 100644
+--- a/restorecond/user.c
++++ b/restorecond/user.c
+@@ -201,7 +201,13 @@ static int local_server() {
+ perror("asprintf");
+ return -1;
+ }
+- int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW | O_CLOEXEC, S_IRUSR | S_IWUSR);
++ int fd = open(ptr, O_CREAT | O_WRONLY | O_NOFOLLOW
++#ifdef O_CLOEXEC
++ | O_CLOEXEC
++#else
++#warning O_CLOEXEC undefined on this platform, this may leak file descriptors
++#endif
++ , S_IRUSR | S_IWUSR);
+ if (debug_mode)
+ g_warning ("Lock file: %s", ptr);
+
+--
+1.7.10.4
+
diff --git a/recipes-security/selinux/policycoreutils_2.1.14.bb b/recipes-security/selinux/policycoreutils_2.1.14.bb
index b177042..64f0d8d 100644
--- a/recipes-security/selinux/policycoreutils_2.1.14.bb
+++ b/recipes-security/selinux/policycoreutils_2.1.14.bb
@@ -12,4 +12,5 @@ SRC_URI += "\
 file://policycoreutils-fix-strict-prototypes.patch \
 file://policycoreutils-revert-run_init-open_init_pty.patch \
 file://policycoreutils-fix-sepolicy-install-path.patch \
+ file://policycoreutils-make-O_CLOEXEC-optional.patch \
 "
-- cgit v1.2.3-54-g00ecf