Allow execWithRedirect to close fds and then take advantage of
that to avoid the avc on running loadkeys due to a leaked fd.
---
src/executil.py | 8 +++++++-
src/keyboard.py | 4 ++--
2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/executil.py b/src/executil.py
index 7454d0e..414e141 100644
--- a/src/executil.py
+++ b/src/executil.py
@@ -31,7 +31,7 @@ def getfd(filespec, readOnly = 0):
def execWithRedirect(command, argv, stdin = 0, stdout = 1, stderr = 2,
searchPath = 0, root = '/', newPgrp = 0,
- ignoreTermSigs = 0):
+ ignoreTermSigs = 0, closeFds = False):
stdin = getfd(stdin)
if stdout == stderr:
stdout = getfd(stdout)
@@ -57,6 +57,12 @@ def execWithRedirect(command, argv, stdin = 0, stdout = 1, stderr = 2,
signal.signal(signal.SIGTSTP, signal.SIG_IGN)
signal.signal(signal.SIGINT, signal.SIG_IGN)
+ if closeFds:
+ try:
+ os.closerange(3, os.sysconf("SC_OPEN_MAX"))
+ except:
+ pass
+
if type(stdin) == type("a"):
stdin = os.open(stdin, os.O_RDONLY)
if type(stdout) == type("a"):
diff --git a/src/keyboard.py b/src/keyboard.py
index 4ccf81e..b7918d4 100644
--- a/src/keyboard.py
+++ b/src/keyboard.py
@@ -131,7 +131,7 @@ class Keyboard(SimpleConfigFile):
argv = [ command, console_kbd ]
if os.access(argv[0], os.X_OK) == 1:
- executil.execWithRedirect(argv[0], argv)
+ executil.execWithRedirect(argv[0], argv, closeFds = True)
try:
kbd = self.modelDict[console_kbd]
@@ -156,4 +156,4 @@ class Keyboard(SimpleConfigFile):
argv = argv + [ "-variant", variant ]
if os.access(argv[0], os.X_OK) == 1:
- executil.execWithRedirect(argv[0], argv, searchPath = 1)
+ executil.execWithRedirect(argv[0], argv, searchPath = 1, closeFds = True)
--
1.6.1
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
