Use O_CLOEXEC when possible to avoid leaking FDs
This commit is contained in:
parent
1d9b33b06b
commit
ee7de33531
4
mount.c
4
mount.c
@ -104,11 +104,11 @@ static bool mountMount(struct nsjconf_t *nsjconf, struct mounts_t *mpt, const ch
|
||||
LOG_W("Couldn't create upper directories for '%s'", dst);
|
||||
return false;
|
||||
}
|
||||
int fd = TEMP_FAILURE_RETRY(open(dst, O_CREAT | O_RDONLY, 0644));
|
||||
int fd = TEMP_FAILURE_RETRY(open(dst, O_CREAT | O_RDONLY | O_CLOEXEC, 0644));
|
||||
if (fd >= 0) {
|
||||
close(fd);
|
||||
} else {
|
||||
PLOG_W("open('%s', O_CREAT|O_RDONLY, 0700)", dst);
|
||||
PLOG_W("open('%s', O_CREAT|O_RDONLY|O_CLOEXEC, 0700)", dst);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -112,7 +112,7 @@ static void subprocAdd(struct nsjconf_t *nsjconf, pid_t pid, int sock)
|
||||
|
||||
char fname[PATH_MAX];
|
||||
snprintf(fname, sizeof(fname), "/proc/%d/syscall", (int)pid);
|
||||
p->pid_syscall_fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY));
|
||||
p->pid_syscall_fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC));
|
||||
|
||||
TAILQ_INSERT_HEAD(&nsjconf->pids, p, pointers);
|
||||
|
||||
|
4
util.c
4
util.c
@ -62,9 +62,9 @@ ssize_t utilReadFromFd(int fd, void *buf, size_t len)
|
||||
ssize_t utilReadFromFile(const char *fname, void *buf, size_t len)
|
||||
{
|
||||
int fd;
|
||||
TEMP_FAILURE_RETRY(fd = open(fname, O_RDONLY));
|
||||
TEMP_FAILURE_RETRY(fd = open(fname, O_RDONLY | O_CLOEXEC));
|
||||
if (fd == -1) {
|
||||
LOG_E("open('%s', O_RDONLY)", fname);
|
||||
LOG_E("open('%s', O_RDONLY|O_CLOEXEC)", fname);
|
||||
return -1;
|
||||
}
|
||||
ssize_t ret = utilReadFromFd(fd, buf, len);
|
||||
|
Loading…
Reference in New Issue
Block a user