[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[PATCH] execWithRedirect can close fds now (#501368)



Allow execWithRedirect to close fds and then take advantage of
that to avoid the avc on running loadkeys due to a leaked fd.
---
 src/executil.py |    8 +++++++-
 src/keyboard.py |    4 ++--
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/src/executil.py b/src/executil.py
index 7454d0e..414e141 100644
--- a/src/executil.py
+++ b/src/executil.py
@@ -31,7 +31,7 @@ def getfd(filespec, readOnly = 0):
 
 def execWithRedirect(command, argv, stdin = 0, stdout = 1, stderr = 2,	
 		     searchPath = 0, root = '/', newPgrp = 0,
-		     ignoreTermSigs = 0):
+		     ignoreTermSigs = 0, closeFds = False):
     stdin = getfd(stdin)
     if stdout == stderr:
 	stdout = getfd(stdout)
@@ -57,6 +57,12 @@ def execWithRedirect(command, argv, stdin = 0, stdout = 1, stderr = 2,
 	    signal.signal(signal.SIGTSTP, signal.SIG_IGN)
 	    signal.signal(signal.SIGINT, signal.SIG_IGN)
 
+        if closeFds:
+            try:
+                os.closerange(3, os.sysconf("SC_OPEN_MAX"))
+            except:
+                pass
+
 	if type(stdin) == type("a"):
 	    stdin = os.open(stdin, os.O_RDONLY)
 	if type(stdout) == type("a"):
diff --git a/src/keyboard.py b/src/keyboard.py
index 4ccf81e..b7918d4 100644
--- a/src/keyboard.py
+++ b/src/keyboard.py
@@ -131,7 +131,7 @@ class Keyboard(SimpleConfigFile):
         argv = [ command, console_kbd ]
 
         if os.access(argv[0], os.X_OK) == 1:
-            executil.execWithRedirect(argv[0], argv)
+            executil.execWithRedirect(argv[0], argv, closeFds = True)
 
         try:
             kbd = self.modelDict[console_kbd]
@@ -156,4 +156,4 @@ class Keyboard(SimpleConfigFile):
             argv = argv + [ "-variant", variant ]
 
         if os.access(argv[0], os.X_OK) == 1:
-            executil.execWithRedirect(argv[0], argv, searchPath = 1)
+            executil.execWithRedirect(argv[0], argv, searchPath = 1, closeFds = True)
-- 
1.6.1


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]