On Fri, 08 Aug 2008 14:12:21 +0800 Ian Kent <raven@xxxxxxxxxx> wrote:

> > > No problem.
> > > You mentioned this last time as well.
> > >
> > > Since there are a couple of possible approaches and I wasn't sure which
> > > way to go I thought I'd post it as is and get feedback then make it a
> > > followup patch.
> > >
> > > Could the pthreads user space daemon exec something between fd_install()
> > > and set_close_on_exec()?
> >
> > Gee, I don't know, it would depend on the context.
> >
> > Is that a private file*? Was it just created, and is there no
> > possibility that any other thread can be sharing it anyway? If so,
> > there's no problem.
>
> The problem is that autofs threads can exec mount or umount at any time
> and we see annoying selinux file descriptor leak security violation
> messages. So the point of this is to set the bit at the same time as the
> file is inserted into the table.
>
> >
> > > Perhaps there are some other alternative approaches to this.
> > >
> > > Suggestions?
> >
> > I don't know enough about autofs nor about what problem you're
> > attacking here to be able to say, sorry. I don't even know why
> > close_on_exec is being set?
>
> OK, sorry.
>
> What I'm really after is:
> Should I do this at all, given the above?

I don't reliably know, sorry. <does viro summoning dance>

> If this is sensible, should a parameter be added to fd_install() to allow
> it to be requested at descriptor install or should a new function, say,
> fd_install_close_on_exec() be added?

If we decide to do it this way, then we can add an extra arg to
fd_install(), I guess.

	void fd_install(unsigned int fd, struct file *file,
			void (*callback)(struct file *));
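The gap discussed in this thread, where a descriptor is already in the table but close-on-exec is not yet set, has a user-space analogue that can be observed directly. The following is an added example, not code from the thread or from the kernel: it contrasts the two-step pattern with atomic `O_CLOEXEC` and adds a small audit helper. All function names are hypothetical and `/dev/null` is only a stand-in file.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <unistd.h>

/* 1 if fd would survive an exec (FD_CLOEXEC clear), 0 if it would be
 * closed on exec, -1 if fd is not an open descriptor. */
int fd_is_inheritable(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Two-step pattern: the descriptor is live in the table before the flag
 * is set. *window_state records what another thread calling exec at that
 * moment would see (1 means the descriptor leaks into the child). */
int open_two_step(const char *path, int *window_state)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    *window_state = fd_is_inheritable(fd);
    if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Atomic pattern: the flag is set in the same call that installs the
 * descriptor, so there is no window. */
int open_atomic(const char *path)
{
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* Audit helper: count open descriptors in [lo, hi) that an exec would
 * hand to the child. Useful as a check just before fork/exec. */
int count_inheritable(int lo, int hi)
{
    int n = 0;
    for (int fd = lo; fd < hi; fd++)
        if (fd_is_inheritable(fd) == 1)
            n++;
    return n;
}
```
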