Your message dated Mon, 9 Nov 2015 02:21:02 +0100
with message-id <[email protected]>
and subject line Re: Bug#800417: systemd: leaks a unix stream socket file handle
has caused the Debian Bug report #800417,
regarding systemd: leaks a unix stream socket file handle
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
800417: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=800417
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: systemd
Version: 215-17+deb8u2
Severity: minor
The following lines from the output of dmesg show that systemd (init_t) is
leaking socket file handle 7748 when spawning kmod. It should either close the
file handle before calling exec() or set FD_CLOEXEC.
In this case it's a minor bug (mostly an annoyance for me when writing SE
Linux policy) but in other situations such bugs can have security implications
so I won't write policy to hide this.
I can give you root access to a virtual machine demonstrating this problem if
it's of use to you.
[ 2.809497] audit: type=1400 audit(1443503644.476:4): avc: denied { read
write } for pid=151 comm="kmod" path="socket:[7748]" dev="sockfs" ino=7748
scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:system_r:init_t:s0
tclass=unix_stream_socket permissive=0
[ 2.809564] audit: type=1400 audit(1443503644.476:4): avc: denied { read
write } for pid=151 comm="kmod" path="socket:[7748]" dev="sockfs" ino=7748
scontext=system_u:system_r:insmod_t:s0 tcontext=system_u:system_r:init_t:s0
tclass=unix_stream_socket permissive=0
-- System Information:
Debian Release: 8.2
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.1.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages systemd depends on:
ii acl 2.2.52-2
ii adduser 3.113+nmu3
ii initscripts 2.88dsf-59
ii libacl1 2.2.52-2
ii libaudit1 1:2.4-1+b1
ii libblkid1 2.25.2-6
ii libc6 2.19-18+deb8u1
ii libcap2 1:2.24-8
ii libcap2-bin 1:2.24-8
ii libcryptsetup4 2:1.6.6-5
ii libgcrypt20 1.6.3-2
ii libkmod2 18-3
ii liblzma5 5.1.1alpha+20120614-2+b3
ii libpam0g 1.1.8-3.1
ii libselinux1 2.3-2
ii libsystemd0 215-17+deb8u2
ii mount 2.25.2-6
ii sysv-rc 2.88dsf-59
ii udev 215-17+deb8u2
ii util-linux 2.25.2-6
Versions of packages systemd recommends:
pn dbus <none>
pn libpam-systemd <none>
Versions of packages systemd suggests:
pn systemd-ui <none>
-- no debconf information
--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
--- End Message ---
--- Begin Message ---
Hi Russell
Am 02.10.2015 um 09:04 schrieb Russell Coker:
> On Thu, 1 Oct 2015 12:59:08 AM Michael Biebl wrote:
>> Can you reproduce this problem with systemd v226 from unstable/testing?
>
> Yes. It happens with version 226-3.
>
>> If so, it would be great if you can file this issue upstream at
>> https://github.com/systemd/systemd/issues
Upstream closed the issue with the following comment:
"
Note that we pass an AF_UNIX/SOCK_STREAM socket as stdout/stderr/stdin
to invoked processes.
"
and he's pretty sure that this the file handle you see.
So I'm closing this bug report as well. If there is still something
which needs to be done, please reopen and follow-up on the upstream bug.
Cheers,
Michael
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
--- End Message ---
_______________________________________________
Pkg-systemd-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
