From 7646217c0d1775bc95cceb14f5c975ac7d157f05 Mon Sep 17 00:00:00 2001 From: Etienne CHAMPETIER Date: Mon, 30 Nov 2015 23:09:20 +0000 Subject: [PATCH] ujail: add O_CLOEXEC flag to open() call if we forget to close() in the future, this prevent fd leak Signed-off-by: Etienne CHAMPETIER --- jail/elf.c | 2 +- jail/fs.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/jail/elf.c b/jail/elf.c index b8f2cc5..7c6076a 100644 --- a/jail/elf.c +++ b/jail/elf.c @@ -81,7 +81,7 @@ int lib_open(char **fullpath, const char *file) list_for_each_entry(p, &library_paths, list) { snprintf(path, sizeof(path), "%s/%s", p->path, file); - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY|O_CLOEXEC); if (fd >= 0) { *fullpath = strdup(path); break; diff --git a/jail/fs.c b/jail/fs.c index 7b7b820..f390180 100644 --- a/jail/fs.c +++ b/jail/fs.c @@ -116,7 +116,7 @@ int add_path_and_deps(const char *path, int readonly, int error, int lib) if (path[0] == '/') { if (avl_find(&mounts, path)) return 0; - fd = open(path, O_RDONLY); + fd = open(path, O_RDONLY|O_CLOEXEC); if (fd == -1) return error; add_mount(path, readonly, error); -- 2.30.2