#38 Socket file descriptors leaked

open
nobody
None
5
2008-09-01
2008-09-01
No

The open file descriptor to the fail2ban socket is not closed on exec. On Fedora, that is discovered by SELinux which reports that the "sendmail" and "iptables" commands are not allowed to access the fail2ban type socket.

I looked a bit in the code and I see that when filters are opened, the file descriptors are set to CLOEXEC. But the same thing does not seem to happen when the socket is opened. As far as I can understand, that file descriptor too should be CLOEXEC.
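The behaviour described in the report, as an added example (not fail2ban's code and not part of the original ticket): a listening Unix socket is visible to an exec'd child until FD_CLOEXEC is set on it. The socket path, the helper names and the Python child standing in for "iptables"/"sendmail" are assumptions; the flag is cleared explicitly first because Python 3.4+ (PEP 446) already creates descriptors non-inheritable.

```python
import fcntl
import os
import socket
import subprocess
import sys
import tempfile

# Child program (constructed): report whether the fd number passed as argv[1]
# is an open socket after exec.
CHILD = (
    "import os, stat, sys\n"
    "try:\n"
    "    mode = os.fstat(int(sys.argv[1])).st_mode\n"
    "    print('open' if stat.S_ISSOCK(mode) else 'closed')\n"
    "except OSError:\n"
    "    print('closed')\n"
)

def set_cloexec(fd, enabled=True):
    """Set or clear FD_CLOEXEC on fd (hypothetical helper name)."""
    flags = fcntl.fcntl(fd, fcntl.F_GETFD)
    flags = (flags | fcntl.FD_CLOEXEC) if enabled else (flags & ~fcntl.FD_CLOEXEC)
    fcntl.fcntl(fd, fcntl.F_SETFD, flags)

def fd_state_in_child(fd):
    """Exec a child without closing fds and ask whether fd is open there."""
    out = subprocess.run([sys.executable, "-c", CHILD, str(fd)],
                         close_fds=False, capture_output=True,
                         text=True, check=True)
    return out.stdout.strip()

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        srv.bind(os.path.join(tmp, "demo.sock"))  # constructed path
        srv.listen(1)
        try:
            set_cloexec(srv.fileno(), False)  # inheritable: the reported state
            leaked = fd_state_in_child(srv.fileno())
            set_cloexec(srv.fileno(), True)   # close-on-exec: the suggested fix
            fixed = fd_state_in_child(srv.fileno())
        finally:
            srv.close()
    return leaked, fixed

if __name__ == "__main__":
    print(demo())
```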

Discussion

