author | Richard W.M. Jones <rjones@redhat.com> | 2012-03-14 19:30:46 +0000 |
---|---|---|
committer | Richard W.M. Jones <rjones@redhat.com> | 2012-03-14 19:30:46 +0000 |
commit | 606732d02e678161ff433040a21d54fc2ea8bb43 (patch) | |
tree | 7549558e51d1dd45a45e71ce219084e368eb845d /src | |
parent | 13e7a1b400b7e2a5e9335d25205b09e74c89d858 (diff) | |
Use O_CLOEXEC / SOCK_CLOEXEC for almost all file descriptors.
The presumption is that all file descriptors should be created with
the close-on-exec flag set. The only exceptions are file descriptors
that we want passed through to exec'd subprocesses (mainly pipes and
stdin/stdout/stderr).
For open calls, we pass O_CLOEXEC as an extra flag, eg:
fd = open ("foo", O_RDONLY|O_CLOEXEC);
This is a Linux-ism, but using a macro we can easily make it portable.
For sockets, similarly:
sock = socket (..., SOCK_STREAM|SOCK_CLOEXEC, ...);
For accepted sockets, we use the Linux accept4 system call which
allows flags to be supplied, but we use the Gnulib 'accept4' module to
make this portable.
For dup, dup2, we use the Linux dup3 system call, and the Gnulib
modules 'dup3' and 'cloexec'.
Diffstat (limited to 'src')
-rw-r--r-- | src/appliance.c | 4 | ||||
-rw-r--r-- | src/guestfs-internal.h | 8 | ||||
-rw-r--r-- | src/inspect.c | 2 | ||||
-rw-r--r-- | src/inspect_icon.c | 2 | ||||
-rw-r--r-- | src/launch.c | 8 | ||||
-rw-r--r-- | src/proto.c | 6 |
6 files changed, 19 insertions, 11 deletions
diff --git a/src/appliance.c b/src/appliance.c
index 9d51d3dc..e42bec45 100644
--- a/src/appliance.c
+++ b/src/appliance.c
@@ -379,7 +379,7 @@ check_for_cached_appliance (guestfs_h *g,
 garbage_collect_appliances (cachedir);
 /* Try to open and acquire a lock on the checksum file. */
- int fd = open (filename, O_RDONLY);
+ int fd = open (filename, O_RDONLY|O_CLOEXEC);
 if (fd == -1)
 return 0;
 #ifdef HAVE_FUTIMENS
@@ -497,7 +497,7 @@ build_supermin_appliance (guestfs_h *g,
 /* Open and acquire write lock on checksum file. The file might
 * not exist, in which case we want to create it. */
- int fd = open (filename, O_WRONLY|O_CREAT, 0755);
+ int fd = open (filename, O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0755);
 if (fd == -1) {
 perrorf (g, "open: %s", filename);
 guestfs___remove_tmpdir (tmpcd);
diff --git a/src/guestfs-internal.h b/src/guestfs-internal.h
index ff17a223..1943f1a9 100644
--- a/src/guestfs-internal.h
+++ b/src/guestfs-internal.h
@@ -24,6 +24,14 @@
 #include <pcre.h>
+#ifndef O_CLOEXEC
+#define O_CLOEXEC 0
+#endif
+
+#ifndef SOCK_CLOEXEC
+#define SOCK_CLOEXEC 0
+#endif
+
 #define STREQ(a,b) (strcmp((a),(b)) == 0)
 #define STRCASEEQ(a,b) (strcasecmp((a),(b)) == 0)
 #define STRNEQ(a,b) (strcmp((a),(b)) != 0)
diff --git a/src/inspect.c b/src/inspect.c
index 9672aff8..60c7dd44 100644
--- a/src/inspect.c
+++ b/src/inspect.c
@@ -762,7 +762,7 @@ guestfs___download_to_tmp (guestfs_h *g, struct inspect_fs *fs,
 goto error;
 }
- fd = open (r, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0600);
+ fd = open (r, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY|O_CLOEXEC, 0600);
 if (fd == -1) {
 perrorf (g, "open: %s", r);
 goto error;
diff --git a/src/inspect_icon.c b/src/inspect_icon.c
index 6cb5553f..19acfb9c 100644
--- a/src/inspect_icon.c
+++ b/src/inspect_icon.c
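Review bot: The changed open() in build_supermin_appliance still creates the checksum file with mode 0755, although the comment above it describes a file that is only opened for writing and locked, so the execute bits serve no purpose. A tighter mode would be `int fd = open (filename, O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0644);` (or 0600 if the cache directory is meant to be private to one user, which is not visible here). This line also gains O_NOCTTY, which the commit message does not mention and which the read-only open in check_for_cached_appliance does not get; a sentence in the message would show that this is deliberate. The function body continues outside the hunk.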
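Review bot: Defining `O_CLOEXEC` and `SOCK_CLOEXEC` as 0 in guestfs-internal.h lets every call site in this commit compile on platforms that lack the flags, but it silently drops the close-on-exec guarantee there: the descriptors are created inheritable and nothing in the visible hunks sets FD_CLOEXEC afterwards, so they would be passed to any exec'd subprocess. The fallback should at least carry a comment saying so, for example `/* Fallback: flag unavailable, descriptors are NOT close-on-exec on this platform. */`. The more complete fix is a small wrapper that calls `fcntl (fd, F_SETFD, FD_CLOEXEC)` after open/socket when the flag is 0; the Gnulib 'cloexec' module named in the commit message may already provide this. The fcntl fallback is not atomic with respect to a fork in another thread, which the comment should also state.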
@@ -553,7 +553,7 @@ read_whole_file (guestfs_h *g, const char *filename,
 ssize_t r;
 struct stat statbuf;
- fd = open (filename, O_RDONLY);
+ fd = open (filename, O_RDONLY|O_CLOEXEC);
 if (fd == -1) {
 perrorf (g, "open: %s", filename);
 return -1;
diff --git a/src/launch.c b/src/launch.c
index 1a7c8236..1b9ca9b0 100644
--- a/src/launch.c
+++ b/src/launch.c
@@ -532,7 +532,7 @@ launch_appliance (guestfs_h *g)
 snprintf (guestfsd_sock, sizeof guestfsd_sock, "%s/guestfsd.sock", g->tmpdir);
 unlink (guestfsd_sock);
- g->sock = socket (AF_UNIX, SOCK_STREAM, 0);
+ g->sock = socket (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
 if (g->sock == -1) {
 perrorf (g, "socket");
 goto cleanup0;
@@ -652,7 +652,7 @@ launch_appliance (guestfs_h *g)
 * qemu command line, again. */
 if (qemu_supports (g, "-enable-kvm") &&
- is_openable (g, "/dev/kvm", O_RDWR))
+ is_openable (g, "/dev/kvm", O_RDWR|O_CLOEXEC))
 add_cmdline (g, "-enable-kvm");
 }
@@ -921,7 +921,7 @@ launch_appliance (guestfs_h *g)
 g->fd[0] = wfd[1]; /* stdin of child */
 g->fd[1] = rfd[0]; /* stdout of child */
 } else {
- g->fd[0] = open ("/dev/null", O_RDWR);
+ g->fd[0] = open ("/dev/null", O_RDWR|O_CLOEXEC);
 if (g->fd[0] == -1) {
 perrorf (g, "open /dev/null");
 goto cleanup1;
@@ -1039,7 +1039,7 @@ connect_unix_socket (guestfs_h *g, const char *sockpath)
 if (g->verbose)
 guestfs___print_timestamped_message (g, "connecting to %s", sockpath);
- g->sock = socket (AF_UNIX, SOCK_STREAM, 0);
+ g->sock = socket (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
 if (g->sock == -1) {
 perrorf (g, "socket");
 return -1;
diff --git a/src/proto.c b/src/proto.c
index c9ddaca3..bf3feaed 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -780,7 +780,7 @@ guestfs___accept_from_daemon (guestfs_h *g)
 return -1;
 }
 if (FD_ISSET (g->sock, &rset2)) {
- sock = accept (g->sock, NULL, NULL);
+ sock = accept4 (g->sock, NULL, NULL, SOCK_CLOEXEC);
 if (sock == -1) {
 if (errno == EINTR || errno == EAGAIN)
 continue;
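Review bot: Passing `SOCK_CLOEXEC` in the type argument at the socket() call in launch_appliance makes the call fail with EINVAL on Linux kernels older than 2.6.27, even when the build headers define the flag, and the existing error path (`perrorf (g, "socket"); goto cleanup0;`) turns that into a launch failure. The same applies to the identical change in connect_unix_socket later in this file. If such kernels are still a supported target, retry without the flag on EINVAL and set FD_CLOEXEC with fcntl, as sketched below; otherwise a comment stating the minimum kernel version is enough. launch_appliance starts and ends outside the hunk, so whether cleanup0 closes g->sock needs confirming before using the sketch as is.

```c
  g->sock = socket (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
  if (g->sock == -1 && errno == EINVAL) {
    /* Kernel does not know SOCK_CLOEXEC: create the socket plainly,
     * then set close-on-exec (not atomic with a concurrent fork).
     */
    g->sock = socket (AF_UNIX, SOCK_STREAM, 0);
    if (g->sock != -1 && fcntl (g->sock, F_SETFD, FD_CLOEXEC) == -1) {
      perrorf (g, "fcntl");
      goto cleanup0;
    }
  }
  /* … unchanged: g->sock == -1 check, perrorf, goto cleanup0 … */
```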
@@ -891,7 +891,7 @@ guestfs___send_file (guestfs_h *g, const char *filename)
 g->user_cancel = 0;
- fd = open (filename, O_RDONLY);
+ fd = open (filename, O_RDONLY|O_CLOEXEC);
 if (fd == -1) {
 perrorf (g, "open: %s", filename);
 send_file_cancellation (g);
@@ -1125,7 +1125,7 @@ guestfs___recv_file (guestfs_h *g, const char *filename)
 g->user_cancel = 0;
- fd = open (filename, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0666);
+ fd = open (filename, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY|O_CLOEXEC, 0666);
 if (fd == -1) {
 perrorf (g, "open: %s", filename);
 goto cancel; |