From 8cf74e7f147836e81c3583a046e4dc2b4673a14c Mon Sep 17 00:00:00 2001
From: Radovan Sroka <rsroka@redhat.com>
Date: Thu, 11 Mar 2021 14:45:50 +0100
Subject: [PATCH] Ensure that fifo will be removed after termination

- unlink_fifo() will be called after every succesful termination
because dnf/yum can hang if the pipe exists after daemon termination

- move preconstruct_fifo() out of the scope because it is needed also
when the daemon is configured to run as root

Signed-off-by: Radovan Sroka <rsroka@redhat.com>
---
 src/daemon/fapolicyd.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/daemon/fapolicyd.c b/src/daemon/fapolicyd.c
index 5dce666..c29611c 100644
--- a/src/daemon/fapolicyd.c
+++ b/src/daemon/fapolicyd.c
@@ -446,6 +446,17 @@ int main(int argc, const char *argv[])
 		openlog("fapolicyd", LOG_PID, LOG_DAEMON);
 	}
 
+	// Set the exit function so there is always a fifo cleanup
+	if (atexit(unlink_fifo)) {
+		msg(LOG_ERR, "Cannot set exit function");
+		exit(1);
+	}
+
+	if (preconstruct_fifo(&config)) {
+		msg(LOG_ERR, "Cannot contruct a pipe");
+		exit(1);
+	}
+
 	// Setup filesystem to watch list
 	init_fs_list(config.watch_fs);
 
@@ -454,8 +465,6 @@ int main(int argc, const char *argv[])
 
 	// If we are not going to be root, then setup necessary capabilities
 	if (config.uid != 0) {
-		if (preconstruct_fifo(&config))
-			exit(1);
 		capng_clear(CAPNG_SELECT_BOTH);
 		capng_updatev(CAPNG_ADD, CAPNG_EFFECTIVE|CAPNG_PERMITTED,
 			CAP_DAC_OVERRIDE, CAP_SYS_ADMIN, CAP_SYS_PTRACE,
-- 
2.26.2