Steve Grubb wrote:
> diff -urNp xinetd-2.3.14.orig/xinetd/child.c xinetd-2.3.14/xinetd/child.c
> --- xinetd-2.3.14.orig/xinetd/child.c 2006-06-16 13:20:01.000000000 -0400
> +++ xinetd-2.3.14/xinetd/child.c 2006-08-24 14:11:09.000000000 -0400
> @@ -31,6 +31,9 @@
> #ifdef HAVE_NETDB_H
> #include <netdb.h>
> #endif
> +#ifdef LABELED_NET
> +#include <selinux/selinux.h>
> +#endif
>
> #include "str.h"
> #include "child.h"
> @@ -44,6 +47,12 @@
> #include "options.h"
> #include "redirect.h"
>
> +/* Local declarations */
> +#ifdef LABELED_NET
> +static int set_context_from_socket( int fd );
> +#endif
> +
> +
> /*
> * This function is running in the new process
> */
> @@ -143,6 +152,19 @@ void exec_server( const struct server *s
> }
> #endif
>
> + /*
> + Set the context if the option was given
> + */
> +#ifdef LABELED_NET
> + if (SC_LABELED_NET(scp))
> + {
> + if (set_context_from_socket( descriptor ) < 0)
> + msg( LOG_ERR, func,
> + "Changing process context failed for %s", SC_ID( scp )) ;
> + _exit( 1 ) ;
> + }
> +#endif
> +
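Review bot: The comment above the LABELED_NET block in exec_server says only "Set the context if the option was given" and does not record that a failed context change is meant to be fatal. That is the security-relevant contract of these lines, so I would spell it out: `/* Labeled networking: switch to the connection's context before exec; on failure exit rather than exec the server in xinetd's own context */`. That the context comes from the connection is inferred from the helper's name, since set_context_from_socket() is only declared in this quote. The LOG_ERR message also drops the cause; if the helper leaves errno set and msg() accepts `%m` here, ending the format with `: %m` would let an operator tell a policy denial from a missing peer label. exec_server starts and ends outside the hunk, and the quote stops before the hunk's trailing context lines.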
Steve, you forgot to add braces around the error path for the
set_context_from_socket() call. Right now '_exit(1)' is always called,
which causes the child server to die prematurely.
--
paul moore
linux security @ hp