Use O_CLOEXEC when possible to avoid leaking FDs
robertswiecki committed Sep 10, 2016
1 parent 1d9b33b commit ee7de33
Showing 3 changed files with 5 additions and 5 deletions.
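--- a/mount.c
+++ b/mount.c
@@ -104,11 +104,11 @@ static bool mountMount(struct nsjconf_t *nsjconf, struct mounts_t *mpt, const ch
 LOG_W("Couldn't create upper directories for '%s'", dst);
 return false;
 }
-int fd = TEMP_FAILURE_RETRY(open(dst, O_CREAT | O_RDONLY, 0644));
+int fd = TEMP_FAILURE_RETRY(open(dst, O_CREAT | O_RDONLY | O_CLOEXEC, 0644));
 if (fd >= 0) {
 close(fd);
 } else {
-PLOG_W("open('%s', O_CREAT|O_RDONLY, 0700)", dst);
+PLOG_W("open('%s', O_CREAT|O_RDONLY|O_CLOEXEC, 0700)", dst);
 }
 }
 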
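Review bot: The warning on the failure branch reports mode `0700`, but the `open()` call a few lines above passes `0644`, so the log misstates how the placeholder file was requested; since the line is being edited anyway, make it `PLOG_W("open('%s', O_CREAT|O_RDONLY|O_CLOEXEC, 0644)", dst);`. The descriptor is closed immediately after the open, so O_CLOEXEC here only narrows the window in which a concurrent fork/exec could inherit it. The failure branch only warns and falls through; whether the code after it copes with a missing target cannot be seen here, because mountMount starts and ends outside the hunk.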
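--- a/subproc.c
+++ b/subproc.c
@@ -112,7 +112,7 @@ static void subprocAdd(struct nsjconf_t *nsjconf, pid_t pid, int sock)
 
 char fname[PATH_MAX];
 snprintf(fname, sizeof(fname), "/proc/%d/syscall", (int)pid);
-p->pid_syscall_fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY));
+p->pid_syscall_fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC));
 
 TAILQ_INSERT_HEAD(&nsjconf->pids, p, pointers);
 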
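Review bot: The result of `open()` is stored in `p->pid_syscall_fd` and the entry is inserted into `nsjconf->pids` with no check in between, so a failed open leaves `-1` in the list without any log line. Consider `if (p->pid_syscall_fd == -1) { PLOG_W("open('%s', O_RDONLY|O_CLOEXEC)", fname); }` before the insert; the readers of this field are outside the hunk and may already tolerate -1. This descriptor appears to stay open for the lifetime of the list entry, so it is the one where the flag matters most, and a short comment such as `/* O_CLOEXEC: keep this fd out of processes exec'd later */` would record why. subprocAdd starts and ends outside the hunk.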
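--- a/util.c
+++ b/util.c
@@ -62,9 +62,9 @@ ssize_t utilReadFromFd(int fd, void *buf, size_t len)
 ssize_t utilReadFromFile(const char *fname, void *buf, size_t len)
 {
 int fd;
-TEMP_FAILURE_RETRY(fd = open(fname, O_RDONLY));
+TEMP_FAILURE_RETRY(fd = open(fname, O_RDONLY | O_CLOEXEC));
 if (fd == -1) {
-LOG_E("open('%s', O_RDONLY)", fname);
+LOG_E("open('%s', O_RDONLY|O_CLOEXEC)", fname);
 return -1;
 }
 ssize_t ret = utilReadFromFd(fd, buf, len);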
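Review bot: The failure path logs with `LOG_E`, which, unlike the `PLOG_W` used in mount.c, presumably does not append errno, so the message cannot tell ENOENT from EACCES or EMFILE. `PLOG_E("open('%s', O_RDONLY|O_CLOEXEC)", fname);` would keep that detail, assuming the logging header provides that variant. The `fd == -1` test relies on the assignment made inside `TEMP_FAILURE_RETRY(...)`, which works but reads less directly than the `int fd = TEMP_FAILURE_RETRY(open(...))` form in mount.c. utilReadFromFile continues past the hunk, so the matching `close(fd)` is not visible here.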
