debian/patches/extra/0007-apparmor-use-fopen_cloexec.patch

   1 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
   2 From: Wolfgang Bumiller <w.bumiller@proxmox.com>
   3 Date: Wed, 25 Jul 2018 12:06:16 +0200
   4 Subject: [PATCH] apparmor: use fopen_cloexec
   5
   6 Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
   7 (cherry picked from commit 7e556d185c49ff99825612bc7d6c93afc34113c8)
   8 ---
   9  src/lxc/lsm/apparmor.c | 5 +++--
  10  1 file changed, 3 insertions(+), 2 deletions(-)
  11
  12 diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
  13 index 95b61943..5fe6d525 100644
  14 --- a/src/lxc/lsm/apparmor.c
  15 +++ b/src/lxc/lsm/apparmor.c
  16 @@ -32,6 +32,7 @@
  17  #include "lsm.h"
  18  #include "conf.h"
  19  #include "utils.h"
  20 +#include "initutils.h"
  21
  22  lxc_log_define(apparmor, lsm);
  23
  24 @@ -68,7 +69,7 @@ static int apparmor_enabled(void)
  25         char e;
  26         int ret;
  27
  28 -       fin = fopen(AA_ENABLED_FILE, "r");
  29 +       fin = fopen_cloexec(AA_ENABLED_FILE, "r");
  30         if (!fin)
  31                 return 0;
  32         ret = fscanf(fin, "%c", &e);
  33 @@ -95,7 +96,7 @@ static char *apparmor_process_label_get(pid_t pid)
  34                 return NULL;
  35         }
  36  again:
  37 -       f = fopen(path, "r");
  38 +       f = fopen_cloexec(path, "r");
  39         if (!f) {
  40                 SYSERROR("opening %s", path);
  41                 free(buf);
  42 --
  43 2.11.0
  44