aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2012-03-07 00:22:55 -0500
committerMike Frysinger <vapier@gentoo.org>2012-03-07 00:28:01 -0500
commit00e64315a17b5f681c5a9f0114ac18eb002faa27 (patch)
treef5c5f8cb108e2acda7fbfa6518e7ff280ef8c9de
parenttests: add static unlink tests (diff)
downloadsandbox-00e64315a17b5f681c5a9f0114ac18eb002faa27.tar.gz
sandbox-00e64315a17b5f681c5a9f0114ac18eb002faa27.tar.bz2
sandbox-00e64315a17b5f681c5a9f0114ac18eb002faa27.zip
libsandbox: mark internal fds with O_CLOEXEC
We don't want to bleed these across forks/execs. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
-rw-r--r--libsandbox/libsandbox.c4
-rw-r--r--localdecls.h4
2 files changed, 6 insertions, 2 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index a36e190..77a2415 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -386,7 +386,7 @@ static int sb_copy_file_to_fd(const char *file, int ofd)
{
int ret = -1;
- int ifd = sb_open(file, O_RDONLY, 0);
+ int ifd = sb_open(file, O_RDONLY|O_CLOEXEC, 0);
if (ifd == -1)
return ret;
@@ -480,7 +480,7 @@ static bool write_logfile(const char *logfile, const char *func, const char *pat
}
logfd = sb_open(logfile,
- O_APPEND | O_WRONLY | O_CREAT,
+ O_APPEND | O_WRONLY | O_CREAT | O_CLOEXEC,
S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
if (logfd == -1) {
SB_EERROR("ISE:write_logfile ", "unable to append logfile\n");
diff --git a/localdecls.h b/localdecls.h
index 590654d..674e848 100644
--- a/localdecls.h
+++ b/localdecls.h
@@ -49,6 +49,10 @@
# define MAP_ANONYMOUS MAP_ANON
#endif
+#ifndef O_CLOEXEC
+# define O_CLOEXEC 0
+#endif
+
#if !HAVE_DECL_ENVIRON
extern char **environ;
#endif