summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog5
-rw-r--r--modules/pam_sepermit/pam_sepermit.c3
2 files changed, 8 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index afc1ef1f..b1122d46 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2008-03-31 Dan Walsh <dwalsh@redhat.com>
+
+ * modules/pam_sepermit/pam_sepermit.c(sepermit_lock): Mark lock fd to
+ be closed on exec.
+
2008-03-25 Leah Liu <lliu@redhat.com>
* po/zh_CN.po: Updated translation.
diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c
index 47f95030..0d5ab21a 100644
--- a/modules/pam_sepermit/pam_sepermit.c
+++ b/modules/pam_sepermit/pam_sepermit.c
@@ -207,6 +207,9 @@ sepermit_lock(pam_handle_t *pamh, const char *user, int debug)
return -1;
}
+ /* Need to close on exec */
+ fcntl(fd, F_SETFD, FD_CLOEXEC);
+
if (fcntl(fd, F_SETLK, &fl) == -1) {
pam_syslog(pamh, LOG_ERR, "User %s with exclusive login already logged in", user);
close(fd);