close sockets when we exec scripts

(This used to be ctdb commit 0fac2164db4279db2d7d376a34be05b890304087)

5 files changed, 31 insertions, 17 deletions

diff --git a/ctdb/common/ctdb_client.c b/ctdb/common/ctdb_client.c
index 8a96dbc7ca..2a47a5ed22 100644
--- a/ctdb/common/ctdb_client.c
+++ b/ctdb/common/ctdb_client.c
@@ -174,6 +174,9 @@ int ctdb_socket_connect(struct ctdb_context *ctdb)
 	if (ctdb->daemon.sd == -1) {
 		return -1;
 	}
+
+	set_nonblocking(ctdb->daemon.sd);
+	set_close_on_exec(ctdb->daemon.sd);
 	
 	if (connect(ctdb->daemon.sd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
 		close(ctdb->daemon.sd);
diff --git a/ctdb/common/ctdb_daemon.c b/ctdb/common/ctdb_daemon.c
index a8339bb7fe..3009cb5d43 100644
--- a/ctdb/common/ctdb_daemon.c
+++ b/ctdb/common/ctdb_daemon.c
@@ -101,13 +101,6 @@ static void ctdb_main_loop(struct ctdb_context *ctdb)
 }
 
 
-static void set_non_blocking(int fd)
-{
-	unsigned v;
-	v = fcntl(fd, F_GETFL, 0);
-        fcntl(fd, F_SETFL, v | O_NONBLOCK);
-}
-
 static void block_signal(int signum)
 {
 	struct sigaction act;
@@ -585,7 +578,9 @@ static void ctdb_accept_client(struct event_context *ev, struct fd_event *fde,
 	if (fd == -1) {
 		return;
 	}
-	set_non_blocking(fd);
+
+	set_nonblocking(fd);
+	set_close_on_exec(fd);
 
 	client = talloc_zero(ctdb, struct ctdb_client);
 	client->ctdb = ctdb;
@@ -634,6 +629,9 @@ static int ux_socket_bind(struct ctdb_context *ctdb)
 		return -1;
 	}
 
+	set_nonblocking(ctdb->daemon.sd);
+	set_close_on_exec(ctdb->daemon.sd);
+
 #if 0
 	/* AIX doesn't like this :( */
 	if (fchown(ctdb->daemon.sd, geteuid(), getegid()) != 0 ||
@@ -643,7 +641,7 @@ static int ux_socket_bind(struct ctdb_context *ctdb)
 	}
 #endif
 
-	set_non_blocking(ctdb->daemon.sd);
+	set_nonblocking(ctdb->daemon.sd);
 
 	memset(&addr, 0, sizeof(addr));
 	addr.sun_family = AF_UNIX;
diff --git a/ctdb/common/ctdb_util.c b/ctdb/common/ctdb_util.c
index d88b809f14..71d11734ef 100644
--- a/ctdb/common/ctdb_util.c
+++ b/ctdb/common/ctdb_util.c
@@ -217,3 +217,18 @@ void ctdb_set_realtime(void)
 	}
 #endif
 }
+
+void set_nonblocking(int fd)
+{
+	unsigned v;
+	v = fcntl(fd, F_GETFL, 0);
+        fcntl(fd, F_SETFL, v | O_NONBLOCK);
+}
+
+void set_close_on_exec(int fd)
+{
+	unsigned v;
+	v = fcntl(fd, F_GETFD, 0);
+        fcntl(fd, F_SETFD, v | FD_CLOEXEC);
+}
+
diff --git a/ctdb/include/ctdb_private.h b/ctdb/include/ctdb_private.h
index 92cc1a4263..80424a45b0 100644
--- a/ctdb/include/ctdb_private.h
+++ b/ctdb/include/ctdb_private.h
@@ -955,6 +955,8 @@ int ctdb_event_script_callback(struct ctdb_context *ctdb,
 			       const char *fmt, ...) PRINTF_ATTRIBUTE(3,4);
 void ctdb_release_all_ips(struct ctdb_context *ctdb);
 
+void set_nonblocking(int fd);
+void set_close_on_exec(int fd);
 
 
 #endif
diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c
index fa249d5fba..0a9dc5106b 100644
--- a/ctdb/tcp/tcp_connect.c
+++ b/ctdb/tcp/tcp_connect.c
@@ -26,14 +26,6 @@
 #include "../include/ctdb_private.h"
 #include "ctdb_tcp.h"
 
-static void set_nonblocking(int fd)
-{
-	unsigned v;
-	v = fcntl(fd, F_GETFL, 0);
-        fcntl(fd, F_SETFL, v | O_NONBLOCK);
-}
-
-
 /*
   called when a complete packet has come in - should not happen on this socket
  */
@@ -134,6 +126,7 @@ void ctdb_tcp_node_connect(struct event_context *ev, struct timed_event *te,
 	tnode->fd = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
 
 	set_nonblocking(tnode->fd);
+	set_close_on_exec(tnode->fd);
 
 	ZERO_STRUCT(sock_out);
 #ifdef HAVE_SOCK_SIN_LEN
@@ -213,6 +206,7 @@ static void ctdb_listen_event(struct event_context *ev, struct fd_event *fde,
 	in->ctdb = ctdb;
 
 	set_nonblocking(in->fd);
+	set_close_on_exec(in->fd);
 
         setsockopt(in->fd,SOL_SOCKET,SO_KEEPALIVE,(char *)&one,sizeof(one));
 
@@ -322,6 +316,8 @@ int ctdb_tcp_listen(struct ctdb_context *ctdb)
 		return -1;
 	}
 
+	set_close_on_exec(ctcp->listen_fd);
+
         setsockopt(ctcp->listen_fd,SOL_SOCKET,SO_REUSEADDR,(char *)&one,sizeof(one));
 
 	/* we can either auto-bind to the first available address, or we can