file descriptors not closed when executing sub-processes
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
neutron | Fix Released | High | Robert Kukura |
Folsom | Fix Released | High | Robert Kukura |
Bug Description
SELinux logs denials such as the following from the ip command (pid 3316) being executed by quantum-dhcp-agent (pid 2604):
type=AVC msg=audit(
type=SYSCALL msg=audit(
In this case, it seems a file descriptor opened by eventlet does not have FD_CLOEXEC set, so it's left open and ip tries to access it, which is blocked by SELinux. This particular denial is harmless, other than polluting audit.log, but file descriptors other than stdin, stdout and stderr should be closed when sub-processes are executed.
The nova.utils.
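The leak described above, reproduced as an added example (not code from quantum or from this report): a descriptor without FD_CLOEXEC stays open in a child process unless the parent passes `close_fds=True` to `subprocess` or sets the flag itself. The helper names and the descriptor floor of 100 are assumptions made for the demo, which needs a POSIX system and Python 3.

```python
import fcntl
import os
import subprocess
import sys
import tempfile

# Child program: exits 0 if the descriptor number in argv[1] is open, else fails.
CHILD = "import os, sys; os.fstat(int(sys.argv[1]))"


def child_sees_fd(fd, close_fds):
    """Spawn a child and return True if `fd` is still open inside it."""
    proc = subprocess.run(
        [sys.executable, "-c", CHILD, str(fd)],
        close_fds=close_fds,
        stderr=subprocess.DEVNULL,  # hide the child's OSError traceback
    )
    return proc.returncode == 0


def set_cloexec(fd):
    """Set FD_CLOEXEC so the kernel closes `fd` when the process calls exec()."""
    flags = fcntl.fcntl(fd, fcntl.F_GETFD)
    fcntl.fcntl(fd, fcntl.F_SETFD, flags | fcntl.FD_CLOEXEC)


def demo():
    with tempfile.TemporaryFile() as f:
        # F_DUPFD returns a copy with FD_CLOEXEC clear, like the leaked descriptor
        # in the report; a floor of 100 (assumed free) avoids number reuse.
        fd = fcntl.fcntl(f.fileno(), fcntl.F_DUPFD, 100)
        try:
            results = {"leaky": child_sees_fd(fd, close_fds=False)}
            results["close_fds"] = child_sees_fd(fd, close_fds=True)
            set_cloexec(fd)
            results["cloexec"] = child_sees_fd(fd, close_fds=False)
        finally:
            os.close(fd)
    return results


if __name__ == "__main__":
    print(demo())
```
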
Changed in quantum:
status: Fix Committed → Fix Released
Changed in quantum:
milestone: grizzly-rc1 → 2013.1
tags: removed: in-stable-folsom
Doesn't sound like a blocker for G-3, so moving to G-rc1