From c89deab09a5b5ee33f4576a340f0e76647b533f9 Mon Sep 17 00:00:00 2001
From: Eric Paris <eparis@redhat.com>
Date: Wed, 12 Dec 2012 10:22:38 -0500
Subject: [PATCH] libselinux: selinux_status_open: do not leak statusfd on exec

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Dan Walsh <dwalsh@redhat.com>
---
 libselinux/src/sestatus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libselinux/src/sestatus.c b/libselinux/src/sestatus.c
index 3a4e6588..ed29dc55 100644
--- a/libselinux/src/sestatus.c
+++ b/libselinux/src/sestatus.c
@@ -268,7 +268,7 @@ int selinux_status_open(int fallback)
 		return -1;
 
 	snprintf(path, sizeof(path), "%s/status", selinux_mnt);
-	fd = open(path, O_RDONLY);
+	fd = open(path, O_RDONLY | O_CLOEXEC);
 	if (fd < 0)
 		goto error;