From: Michal Vyskocil <mvyskocil@suse.cz>
Subject: Drop CLONE_NEWPID from clone call
Kernel autid system prohibits the processes created with CLONE_NEWPID, so an
attempt to log into ftp server ends with
audit_log_acct_message() failed: Operation not permitted
https://bugzilla.novell.com/show_bug.cgi?id=786024#c38
identified-by: Tony Jones <tonyj@suse.com>
fixes: bnc#786024
Index: vsftpd-3.0.2/sysdeputil.c
===================================================================
--- vsftpd-3.0.2.orig/sysdeputil.c
+++ vsftpd-3.0.2/sysdeputil.c
@@ -1272,7 +1272,7 @@ vsf_sysutil_fork_isolate_all_failok()
if (cloneflags_work)
{
int ret = syscall(__NR_clone,
- CLONE_NEWPID | CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
+ CLONE_NEWIPC | CLONE_NEWNET | SIGCHLD,
NULL);
if (ret != -1 || (errno != EINVAL && errno != EPERM))
{
@@ -1295,7 +1295,7 @@ vsf_sysutil_fork_isolate_failok()
static int cloneflags_work = 1;
if (cloneflags_work)
{
- int ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC | SIGCHLD, NULL);
+ int ret = syscall(__NR_clone, CLONE_NEWIPC | SIGCHLD, NULL);
if (ret != -1 || (errno != EINVAL && errno != EPERM))
{
if (ret == 0)
distrib
>
Mageia
>
6
>
i586
>
media
>
core-release-src
>
by-pkgid
>
48507765d6e27f6b38e2638a1b15d45e
>
files
>
19
