From d07b392cdb5b264d21c6a64753957710b3ec921c Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tm@t8m.info>
Date: Mon, 31 Mar 2008 10:31:50 +0000
Subject: Relevant BUGIDs:

Purpose of commit: bugfix

Commit summary:
---------------
2008-03-31  Dan Walsh <dwalsh@redhat.com>

        * modules/pam_sepermit/pam_sepermit.c(sepermit_lock): Mark lock fd to
        be closed on exec.
---
 modules/pam_sepermit/pam_sepermit.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'modules/pam_sepermit/pam_sepermit.c')

diff --git a/modules/pam_sepermit/pam_sepermit.c b/modules/pam_sepermit/pam_sepermit.c
index 47f95030..0d5ab21a 100644
--- a/modules/pam_sepermit/pam_sepermit.c
+++ b/modules/pam_sepermit/pam_sepermit.c
@@ -207,6 +207,9 @@ sepermit_lock(pam_handle_t *pamh, const char *user, int debug)
 		return -1;
 	}
 
+	/* Need to close on exec */
+	fcntl(fd, F_SETFD, FD_CLOEXEC);
+
 	if (fcntl(fd, F_SETLK, &fl) == -1) {
 		pam_syslog(pamh, LOG_ERR, "User %s with exclusive login already logged in", user);
 		close(fd);
-- 
cgit v1.2.3