Fix more selinux cloexec issues.

i9ce
athimm 15 years ago
parent 0894832f73
commit 91ef859ed6

@ -0,0 +1,35 @@
From 20c717c25c5d180b720bec6902475f07b02f8b87 Mon Sep 17 00:00:00 2001
From: Jonathan G. Underwood <jonathan.underwood@gmail.com>
Date: Sun, 3 Jan 2010 02:16:09 +0000
Subject: [PATCH] Set socket file descriptor in AsyncServer.start to be CLOEXEC
https://bugzilla.redhat.com/show_bug.cgi?id=522767
---
server/asyncserver.py | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
diff --git a/server/asyncserver.py b/server/asyncserver.py
index 35cebf1..96b62d0 100644
--- a/server/asyncserver.py
+++ b/server/asyncserver.py
@@ -26,7 +26,7 @@ __license__ = "GPL"
from pickle import dumps, loads, HIGHEST_PROTOCOL
from common import helpers
-import asyncore, asynchat, socket, os, logging, sys, traceback
+import asyncore, asynchat, socket, os, logging, sys, traceback, fcntl
# Gets the instance of the logger.
logSys = logging.getLogger("fail2ban.server")
@@ -126,6 +126,8 @@ class AsyncServer(asyncore.dispatcher):
raise AsyncServerException("Server already running")
# Creates the socket.
self.create_socket(socket.AF_UNIX, socket.SOCK_STREAM)
+ fd = self.fileno()
+ fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)
self.set_reuse_addr()
try:
self.bind(sock)
--
1.6.5.2
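Review bot: In the `AsyncServer.start` hunk, `fcntl.fcntl(fd, fcntl.F_SETFD, fd | fcntl.FD_CLOEXEC)` ORs the descriptor number itself with FD_CLOEXEC instead of the descriptor's current flags. Close-on-exec still ends up set because FD_CLOEXEC is the low bit, but the remaining bits handed to F_SETFD are just the fd number, which is fragile and misleading to the next reader. Read the flags first: `flags = fcntl.fcntl(fd, fcntl.F_GETFD)` followed by `fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)`. `start` begins and continues outside the hunk, so it is not visible here whether sockets returned by `accept()` get the same treatment; the flag is per-descriptor and is not inherited from the listening socket, so that path is worth checking for the same leak into child processes.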

@ -4,7 +4,7 @@
Summary: Ban IPs that make too many password failures Summary: Ban IPs that make too many password failures
Name: fail2ban Name: fail2ban
Version: 0.8.4 Version: 0.8.4
Release: 23%{?dist} Release: 24%{?dist}
License: GPLv2+ License: GPLv2+
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://fail2ban.sourceforge.net/ URL: http://fail2ban.sourceforge.net/
@ -14,6 +14,7 @@ Patch0: fail2ban-0.8.3-init.patch
Patch1: fail2ban-0.8.1-sshd.patch Patch1: fail2ban-0.8.1-sshd.patch
Patch3: fail2ban-0.8.2-fd_cloexec.patch Patch3: fail2ban-0.8.2-fd_cloexec.patch
Patch6: fail2ban-0.8.3-log2syslog.patch Patch6: fail2ban-0.8.3-log2syslog.patch
Patch7: asyncserver.start_selinux.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: python-devel >= 2.3 BuildRequires: python-devel >= 2.3
BuildArch: noarch BuildArch: noarch
@ -33,6 +34,7 @@ failures. It updates firewall rules to reject the IP address.
%patch1 -p1 -b .sshd %patch1 -p1 -b .sshd
%patch3 -p1 -b .fd_cloexec %patch3 -p1 -b .fd_cloexec
%patch6 -p1 -b .log2syslog %patch6 -p1 -b .log2syslog
%patch7 -p1 -b .fd_cloexec2
%build %build
python setup.py build python setup.py build
@ -82,6 +84,10 @@ fi
%dir %{_localstatedir}/run/fail2ban %dir %{_localstatedir}/run/fail2ban
%changelog %changelog
* Sun Feb 14 2010 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-24
- Patch by Jonathan G. Underwood <jonathan.underwood@gmail.com> to
cloexec another fd leak.
* Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23 * Fri Sep 11 2009 Axel Thimm <Axel.Thimm@ATrpms.net> - 0.8.4-23
- update to 0.8.4. - update to 0.8.4.
