From e630805d15a3b8d09330353f87a7e4a9fcc9998a Mon Sep 17 00:00:00 2001
From: Joe MacDonald <joe.macdonald@windriver.com>
Date: Tue, 15 Oct 2013 10:07:43 -0400
Subject: [PATCH] libselinux: make SOCK_CLOEXEC optional

libselinux/src/setrans_client.c checks for the existence of SOCK_CLOEXEC
before using it, however libselinux/src/avc_internal.c does not.  Since
SOCK_CLOEXEC suffers the same problem as O_CLOEXEC on some older
platforms, we need to ensure we protect the references it it in the same
way.

Upstream-Status: Inappropriate

Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>

---
 src/avc_internal.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/avc_internal.c b/src/avc_internal.c
index 49cecc9..148cc83 100644
--- a/src/avc_internal.c
+++ b/src/avc_internal.c
@@ -60,7 +60,13 @@ int avc_netlink_open(int blocking)
 	int len, rc = 0;
 	struct sockaddr_nl addr;
 
-	fd = socket(PF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, NETLINK_SELINUX);
+	fd = socket(PF_NETLINK, SOCK_RAW
+#ifdef SOCK_CLOEXEC
+               | SOCK_CLOEXEC
+#else
+#warning SOCK_CLOEXEC undefined on this platform, this may leak file descriptors
+#endif
+               , NETLINK_SELINUX);
 	if (fd < 0) {
 		rc = fd;
 		goto out;