Bug#800417: systemd: leaks a unix stream socket file handle
Michael Biebl
biebl at debian.org
Wed Sep 30 15:59:08 BST 2015
Hi Russell,
On 29.09.2015 at 07:43, Russell Coker wrote:
> Package: systemd
> Version: 215-17+deb8u2
> Severity: minor
>
> The following lines from the output of dmesg show that systemd (init_t) is
> leaking socket file handle 7748 when spawning kmod. It should either close the
> file handle before calling exec() or set FD_CLOEXEC.
>
> In this case it's a minor bug (mostly an annoyance for me when writing SE
> Linux policy) but in other situations such bugs can have security implications
> so I won't write policy to hide this.
>
> I can give you root access to a virtual machine demonstrating this problem if
> it's of use to you.
>
> [ 2.809497] audit: type=1400 audit(1443503644.476:4): avc: denied { read
> write } for pid=151 comm="kmod" path="socket:[7748]" dev="sockfs" ino=7748
> scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:system_r:init_t:s0
> tclass=unix_stream_socket permissive=0
> [ 2.809564] audit: type=1400 audit(1443503644.476:4): avc: denied { read
> write } for pid=151 comm="kmod" path="socket:[7748]" dev="sockfs" ino=7748
> scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:system_r:init_t:s0
> tclass=unix_stream_socket permissive=0
Can you reproduce this problem with systemd v226 from unstable/testing?
If so, it would be great if you can file this issue upstream at
https://github.com/systemd/systemd/issues
Regards,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
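
The report quoted above asks that the socket either be closed before exec() or be marked FD_CLOEXEC. The C program below is an added example, not part of the original message and not systemd code: it audits which descriptors a process would hand to an exec'd child and shows both ways to mark a unix stream socket close-on-exec. The function names are illustrative, and SOCK_CLOEXEC assumes Linux.

```c
/* Added example: find descriptors that would leak across exec(). */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* 1 = open and inherited across exec(), 0 = open with FD_CLOEXEC,
 * -1 = not an open descriptor. */
int fd_inheritable(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* Count descriptors above stderr that an exec'd child would receive.
 * The scan is capped at 4096 to keep it cheap (an assumption of this
 * example; descriptors above the cap are not examined). */
int count_inheritable(int verbose)
{
    long max = sysconf(_SC_OPEN_MAX);
    int n = 0;
    if (max < 0 || max > 4096)
        max = 4096;
    for (int fd = 3; fd < max; fd++) {
        if (fd_inheritable(fd) != 1)
            continue;
        n++;
        if (verbose)
            printf("fd %d would be inherited by an exec'd child\n", fd);
    }
    return n;
}

/* Fix for an existing descriptor: add FD_CLOEXEC, keep other flags. */
int set_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* Fix at creation time (Linux): the flag is set atomically, so a
 * concurrent fork()+exec() in another thread cannot see the socket
 * in the gap between socket() and fcntl(). */
int unix_socket_cloexec(void)
{
    return socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
}

int main(void)
{
    int leaky = socket(AF_UNIX, SOCK_STREAM, 0); /* no close-on-exec */
    printf("inheritable before fix: %d\n", count_inheritable(1));
    set_cloexec(leaky);
    printf("inheritable after fix: %d\n", count_inheritable(1));
    close(leaky);
    return 0;
}
```

Calling `count_inheritable(1)` immediately before the exec() call in a spawning process lists the descriptors that would show up in the child, which is what the AVC denial above reports from the kernel side.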