authorMaciej Zenczykowski <maze@google.com>2011-04-04 15:30:32 +0200
committerPatrick McHardy <kaber@trash.net>2011-04-04 15:30:32 +0200
commita239728ec064666025de2723997d87b176d57fd6 (patch)
tree20daf27af7f9d9fd12a6c0d1bf5f546afad5c21d /xtables.c
parent8d6492d582c7284217c042d5638cf50174e5fbfd (diff)
mark newly opened fds as FD_CLOEXEC (close on exec)
(This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm) Signed-off-by: Maciej Zenczykowski <maze@google.com> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'xtables.c')
-rw-r--r--xtables.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/xtables.c b/xtables.c
index 2f00e394..352963f4 100644
--- a/xtables.c
+++ b/xtables.c
@@ -300,6 +300,11 @@ static char *get_modprobe(void)
procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
if (procfile < 0)
return NULL;
+ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
ret = malloc(PROCFILE_BUFSIZ);
if (ret) {
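Review bot: Setting the flag with a separate `fcntl()` after `open()` leaves a short window in which the descriptor is still inheritable, which matters if this code ever runs in a process where another thread can fork and exec. Where the platform provides it, `procfile = open(PROC_SYS_MODPROBE, O_RDONLY | O_CLOEXEC);` sets the flag atomically, with the `fcntl()` call kept only as a fallback for older kernels. The same applies to `sockfd` in the `compatible_revision` hunk, where `SOCK_CLOEXEC` in the socket type would do the same job, presumably on the socket() call just above that hunk. Separately, this failure path calls `exit(1)` while the `open()` failure three lines earlier returns NULL; `close(procfile); return NULL;` would match the function's existing error convention. get_modprobe's body starts and ends outside the hunk.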
@@ -697,6 +702,12 @@ static int compatible_revision(const char *name, uint8_t revision, int opt)
exit(1);
}
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+
xtables_load_ko(xtables_modprobe_program, true);
strcpy(rev.name, name);
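Review bot: Nothing in the added block says why this `fcntl()` has to run before `xtables_load_ko()`, so a later reorder could quietly let the socket leak into a child process again. A one-line comment above the block would pin the ordering, for example `/* set before xtables_load_ko(): a spawned modprobe helper must not inherit this socket */`. That xtables_load_ko() runs an external program is inferred from its `xtables_modprobe_program` argument, since its body is not in the hunk. compatible_revision starts and ends outside the hunk.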