Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
xen.34723
663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 663a383c-libxs-open-xenbus-fds-as-O_CLOEXEC.patch of Package xen.34723
# Commit f4f2f3402b2f4985d69ffc0d46f845d05fd0b60f # Date 2024-05-07 15:18:36 +0100 # Author Andrew Cooper <andrew.cooper3@citrix.com> # Committer Andrew Cooper <andrew.cooper3@citrix.com> tools/libxs: Open /dev/xen/xenbus fds as O_CLOEXEC The header description for xs_open() goes as far as to suggest that the fd is O_CLOEXEC, but it isn't actually. `xl devd` has been observed leaking /dev/xen/xenbus into children. Link: https://github.com/QubesOS/qubes-issues/issues/8292 Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Reviewed-by: Juergen Gross <jgross@suse.com> --- a/tools/libs/store/xs.c +++ b/tools/libs/store/xs.c @@ -54,6 +54,10 @@ struct xs_stored_msg { #include <dlfcn.h> #endif +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + struct xs_handle { /* Communications channel to xenstore daemon. */ int fd; @@ -227,7 +231,7 @@ error: static int get_dev(const char *connect_to) { /* We cannot open read-only because requests are writes */ - return open(connect_to, O_RDWR); + return open(connect_to, O_RDWR | O_CLOEXEC); } static int all_restrict_cb(Xentoolcore__Active_Handle *ah, domid_t domid) {
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor