Re: [ebtables PATCH] Open the lockfile with O_CLOEXEC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [ebtables PATCH] Open the lockfile with O_CLOEXEC
From: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
Date: Wed, 17 Feb 2021 23:59:17 +0100
Cc: netfilter-devel@xxxxxxxxxxxxxxx
In-reply-to: <20210217213023.15403-1-omosnace@redhat.com>
User-agent: Mozilla/5.0

On Wed, Feb 17, 2021 at 10:30:23PM +0100, Ondrej Mosnacek wrote:
> Otherwise the fd will leak to subprocesses (e.g. modprobe). That's
> mostly benign, but it may trigger an SELinux denial when the modprobe
> process transitions to another domain.

Applied, thanks.

References:
- [ebtables PATCH] Open the lockfile with O_CLOEXEC
  - From: Ondrej Mosnacek

Prev by Date: Re: [PATCH net-next 1/3] netfilter: nftables: add helper function to release one table
Next by Date: Re: [libnftnl PATCH 1/2] Avoid out of bound reads in tests.
Previous by thread: [ebtables PATCH] Open the lockfile with O_CLOEXEC
Index(es):
- Date
- Thread

[Index of Archives] [Netfitler Users] [Berkeley Packet Filter] [LARTC] [Bugtraq] [Yosemite Forum]

Powered by Linux