From 8cf74e7f147836e81c3583a046e4dc2b4673a14c Mon Sep 17 00:00:00 2001

From: Radovan Sroka <rsroka@redhat.com>

Date: Thu, 11 Mar 2021 14:45:50 +0100

Subject: [PATCH] Ensure that fifo will be removed after termination

- unlink_fifo() will be called after every succesful termination

because dnf/yum can hang if the pipe exists after daemon termination

- move preconstruct_fifo() out of the scope because it is needed also

when the daemon is configured to run as root

Signed-off-by: Radovan Sroka <rsroka@redhat.com>

---

 src/daemon/fapolicyd.c | 13 +++++++++++--

 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/daemon/fapolicyd.c b/src/daemon/fapolicyd.c

index 5dce666..c29611c 100644

--- a/src/daemon/fapolicyd.c

+++ b/src/daemon/fapolicyd.c

@@ -446,6 +446,17 @@ int main(int argc, const char *argv[])

 		openlog("fapolicyd", LOG_PID, LOG_DAEMON);

 	}

+	// Set the exit function so there is always a fifo cleanup

+	if (atexit(unlink_fifo)) {

+		msg(LOG_ERR, "Cannot set exit function");

+		exit(1);

+	}

+

+	if (preconstruct_fifo(&config)) {

+		msg(LOG_ERR, "Cannot contruct a pipe");

+		exit(1);

+	}

+

 	// Setup filesystem to watch list

 	init_fs_list(config.watch_fs);

@@ -454,8 +465,6 @@ int main(int argc, const char *argv[])

 	// If we are not going to be root, then setup necessary capabilities

 	if (config.uid != 0) {

-		if (preconstruct_fifo(&config))

-			exit(1);

 		capng_clear(CAPNG_SELECT_BOTH);

 		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,

 			CAP_DAC_OVERRIDE, CAP_SYS_ADMIN, CAP_SYS_PTRACE,

-- 

2.26.2