diff options
Diffstat (limited to '0010-tools-libxs-Open-dev-xen-xenbus-fds-as-O_CLOEXEC.patch')
-rw-r--r-- | 0010-tools-libxs-Open-dev-xen-xenbus-fds-as-O_CLOEXEC.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/0010-tools-libxs-Open-dev-xen-xenbus-fds-as-O_CLOEXEC.patch b/0010-tools-libxs-Open-dev-xen-xenbus-fds-as-O_CLOEXEC.patch deleted file mode 100644 index 9f9cdd7..0000000 --- a/0010-tools-libxs-Open-dev-xen-xenbus-fds-as-O_CLOEXEC.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 2bc52041cacb33a301ebf939d69a021597941186 Mon Sep 17 00:00:00 2001 -From: Andrew Cooper <andrew.cooper3@citrix.com> -Date: Tue, 21 May 2024 10:21:47 +0200 -Subject: [PATCH 10/56] tools/libxs: Open /dev/xen/xenbus fds as O_CLOEXEC - -The header description for xs_open() goes as far as to suggest that the fd is -O_CLOEXEC, but it isn't actually. - -`xl devd` has been observed leaking /dev/xen/xenbus into children. - -Link: https://github.com/QubesOS/qubes-issues/issues/8292 -Reported-by: Demi Marie Obenour <demi@invisiblethingslab.com> -Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> -Reviewed-by: Juergen Gross <jgross@suse.com> -master commit: f4f2f3402b2f4985d69ffc0d46f845d05fd0b60f -master date: 2024-05-07 15:18:36 +0100 ---- - tools/libs/store/xs.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/tools/libs/store/xs.c b/tools/libs/store/xs.c -index 140b9a2839..1498515073 100644 ---- a/tools/libs/store/xs.c -+++ b/tools/libs/store/xs.c -@@ -54,6 +54,10 @@ struct xs_stored_msg { - #include <dlfcn.h> - #endif - -+#ifndef O_CLOEXEC -+#define O_CLOEXEC 0 -+#endif -+ - struct xs_handle { - /* Communications channel to xenstore daemon. */ - int fd; -@@ -227,7 +231,7 @@ error: - static int get_dev(const char *connect_to) - { - /* We cannot open read-only because requests are writes */ -- return open(connect_to, O_RDWR); -+ return open(connect_to, O_RDWR | O_CLOEXEC); - } - - static int all_restrict_cb(Xentoolcore__Active_Handle *ah, domid_t domid) { --- -2.45.2 - |