4d064f5b44
- add vsftpd-enable-dev-log-sendto.patch (bnc#812406#c1) * this enables a sendto on the /dev/log socket when syslog is enabled - provide a more verbose explanation of isolate_network and seccomp_sandbox in the config file template - don't install the init file on openSUSE 13.1+ - drop build support for SL 10 and older - add vsftpd-drop-newpid-from-clone.patch (bnc#786024#c38) * drop CLONE_NEWPID from clone to enable the audit system - add vsftpd-enable-fcntl-f_setfl.patch (bnc#812406) * unconditionally enable F_SETFL patch - might be safe to do OBS-URL: https://build.opensuse.org/request/show/162590 OBS-URL: https://build.opensuse.org/package/show/network/vsftpd?expand=0&rev=55
From: Michal Vyskocil <mvyskocil@suse.cz>
Subject: Drop CLONE_NEWPID from clone call
Kernel audit system prohibits the processes created with CLONE_NEWPID, so an
attempt to log into ftp server ends with
audit_log_acct_message() failed: Operation not permitted
https://bugzilla.novell.com/show_bug.cgi?id=786024#c38
identified-by: Tony Jones <tonyj@suse.com>
fixes: bnc#786024
Index: vsftpd-3.0.2/sysdeputil.c
===================================================================
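--- vsftpd-3.0.2.orig/sysdeputil.c
+++ vsftpd-3.0.2/sysdeputil.c
@@ -1272,7 +1272,7 @@ vsf_sysutil_fork_isolate_all_failok()
 if (cloneflags_work)
 {
 int ret = syscall(__NR_clone,
- CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
+ CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
 NULL);
 if (ret != -1 || (errno != EINVAL && errno != EPERM))
 {
@@ -1295,7 +1295,7 @@ vsf_sysutil_fork_isolate_failok()
 static int cloneflags_work = 1;
 if (cloneflags_work)
 {
- int ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD, NULL);
+ int ret = syscall(__NR_clone, CLONE_NEWIPC | SIGCHLD, NULL);
 if (ret != -1 || (errno != EINVAL && errno != EPERM))
 {
 if (ret == 0)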
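Review bot: Neither clone call site records that PID-namespace isolation is being given up on purpose, and the flag is removed for every build rather than only where the audit system needs it; this applies to the `syscall(__NR_clone, ...)` lines in both vsf_sysutil_fork_isolate_all_failok() and vsf_sysutil_fork_isolate_failok(). Without CLONE_NEWPID the child shares the parent's PID namespace, so a compromised session process can see other processes on the host and, subject to the usual permission checks, signal them, which the original flag set prevented. I would add a comment at both calls, for example `/* CLONE_NEWPID omitted: kernel audit rejects processes in a new PID namespace (bnc#786024); PID isolation is lost */`, and consider keeping the flag behind a build-time or configuration switch for installations that do not use audit. Both functions start and end outside the hunks, so how the remaining isolation is applied after a failed clone cannot be checked from here.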