Blob Blame Raw
From b7bcb1b3b953c2052e2d89cb2b3e9d9ccd1b3864 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 10 Oct 2019 16:28:18 -0400
Subject: [PATCH] Don't close STDOUT when calling the CA fetch_roots function

cm_subproc_mark_most_cloexec() now closes all open file
descriptors except for up to three requested for stdin, stdout
and stderr. Before the optimization those three were always
left open.

This was causing errors in the IPA helper ipa-server-guard
because it tries to display the contents of stderr which was
always being closed, causing ipa-server-guard to blow up.
---
 src/cadata.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/cadata.c b/src/cadata.c
index eb87eb76..3e916c96 100644
--- a/src/cadata.c
+++ b/src/cadata.c
@@ -109,7 +109,7 @@ fetch(int fd, struct cm_store_ca *ca, struct cm_store_entry *entry, void *data)
 		}
 		return -1;
 	}
-	cm_subproc_mark_most_cloexec(STDOUT_FILENO, -1, -1);
+	cm_subproc_mark_most_cloexec(STDOUT_FILENO, STDERR_FILENO, -1);
 	cm_log(1, "Running enrollment/cadata helper \"%s\".\n", argv[0]);
 	execvp(argv[0], argv);
 	u = errno;
-- 
2.21.0