summaryrefslogtreecommitdiffstats
path: root/extensions/ebt_nat.c
diff options
context:
space:
mode:
authorOndrej Mosnacek <omosnace@redhat.com>2021-02-17 22:30:23 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2021-02-17 23:57:31 +0100
commit46eb78ff358724f5addf14e45f2cfc31542ede3c (patch)
tree2e8cc777f4a7564e8167e0343c2d19b347b49185 /extensions/ebt_nat.c
parent7d00e58157bc61168a057cde91a6e5b54dca573b (diff)
libebtc: Open the lockfile with O_CLOEXECHEADmaster
Otherwise the fd will leak to subprocesses (e.g. modprobe). That's mostly benign, but it may trigger an SELinux denial when the modprobe process transitions to another domain. Fixes: 8b5594d7c21f ("add logic to support the --concurrent option: use a file lock to support concurrent scripts running ebtables") Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions/ebt_nat.c')
0 files changed, 0 insertions, 0 deletions