From a239728ec064666025de2723997d87b176d57fd6 Mon Sep 17 00:00:00 2001
From: Maciej Zenczykowski <maze@google.com>
Date: Mon, 4 Apr 2011 15:30:32 +0200
Subject: mark newly opened fds as FD_CLOEXEC (close on exec)

(This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm)

Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
---
 xtables.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'xtables.c')

diff --git a/xtables.c b/xtables.c
index 2f00e394..352963f4 100644
--- a/xtables.c
+++ b/xtables.c
@@ -300,6 +300,11 @@ static char *get_modprobe(void)
 	procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
 	if (procfile < 0)
 		return NULL;
+	if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) {
+		fprintf(stderr, "Could not set close on exec: %s\n",
+			strerror(errno));
+		exit(1);
+	}
 
 	ret = malloc(PROCFILE_BUFSIZ);
 	if (ret) {
@@ -697,6 +702,12 @@ static int compatible_revision(const char *name, uint8_t revision, int opt)
 		exit(1);
 	}
 
+	if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+		fprintf(stderr, "Could not set close on exec: %s\n",
+			strerror(errno));
+		exit(1);
+	}
+
 	xtables_load_ko(xtables_modprobe_program, true);
 
 	strcpy(rev.name, name);
-- 
cgit v1.2.3