[PATCH] Re: Leaked file descriptors from browser to npviewer.bin

Gwenole Beauchesne gb.public at free.fr
Sun Nov 30 09:37:10 UTC 2008


Hi,

----- "Warren Togami" <wtogami at redhat.com> a écrit :

> Are all of these file descriptors from npviewer.bin and Flash?  It 
> appears that some are leaked from the fork() from firefox.  According
> to 
> dwalsh, SELinux automatically closes some leaked file descriptors that
> 
> are not allowed after the transition, but others remain?

I have committed the following patch.
1) Close all open files. I used different strategies to determine OPEN_MAX. call to getrlimit() could be removed on contemporary systems though.
2) Add SOCK_CLOEXEC to socket(). I have not tested this one yet (e.g. mplayerplug-in)

Regards,
Gwenole.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nspluginwrapper-cloexec.patch
Type: text/x-patch
Size: 4497 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/nspluginwrapper-devel-list/attachments/20081130/0133b72f/attachment.bin>


More information about the Nspluginwrapper-devel-list mailing list