As per a discussion I had on the fedora-selinux list (https://www.redhat.com/archives/fedora-selinux-list/2007-October/msg00033.html), Dan Walsh suggested filing a bug report in regards to a FD leak noticed when tracking iptables with selinux - it appears a few fcntl(fd, F_SETFD, FD_CLOEXEC) calls are missing before fork/exec. See here for the details: https://bugzilla.redhat.com/show_bug.cgi?id=364331 -Tim - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html