Diffstat (limited to 'src')
-rw-r--r-- | src/appliance.c | 4 | ||||
-rw-r--r-- | src/guestfs-internal.h | 8 | ||||
-rw-r--r-- | src/inspect.c | 2 | ||||
-rw-r--r-- | src/inspect_icon.c | 2 | ||||
-rw-r--r-- | src/launch.c | 8 | ||||
-rw-r--r-- | src/proto.c | 6 |
6 files changed, 19 insertions, 11 deletions
diff --git a/src/appliance.c b/src/appliance.c index 9d51d3dc..e42bec45 100644 --- a/src/appliance.c +++ b/src/appliance.c @@ -379,7 +379,7 @@ check_for_cached_appliance (guestfs_h *g, garbage_collect_appliances (cachedir); /* Try to open and acquire a lock on the checksum file. */ - int fd = open (filename, O_RDONLY); + int fd = open (filename, O_RDONLY|O_CLOEXEC); if (fd == -1) return 0; #ifdef HAVE_FUTIMENS @@ -497,7 +497,7 @@ build_supermin_appliance (guestfs_h *g, /* Open and acquire write lock on checksum file. The file might * not exist, in which case we want to create it. */ - int fd = open (filename, O_WRONLY|O_CREAT, 0755); + int fd = open (filename, O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0755); if (fd == -1) { perrorf (g, "open: %s", filename); guestfs___remove_tmpdir (tmpcd); diff --git a/src/guestfs-internal.h b/src/guestfs-internal.h index ff17a223..1943f1a9 100644 --- a/src/guestfs-internal.h +++ b/src/guestfs-internal.h @@ -24,6 +24,14 @@ #include <pcre.h> +#ifndef O_CLOEXEC +#define O_CLOEXEC 0 +#endif + +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0 +#endif + #define STREQ(a,b) (strcmp((a),(b)) == 0) #define STRCASEEQ(a,b) (strcasecmp((a),(b)) == 0) #define STRNEQ(a,b) (strcmp((a),(b)) != 0) diff --git a/src/inspect.c b/src/inspect.c index 9672aff8..60c7dd44 100644 --- a/src/inspect.c +++ b/src/inspect.c @@ -762,7 +762,7 @@ guestfs___download_to_tmp (guestfs_h *g, struct inspect_fs *fs, goto error; } - fd = open (r, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0600); + fd = open (r, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY|O_CLOEXEC, 0600); if (fd == -1) { perrorf (g, "open: %s", r); goto error; diff --git a/src/inspect_icon.c b/src/inspect_icon.c index 6cb5553f..19acfb9c 100644 --- a/src/inspect_icon.c +++ b/src/inspect_icon.c 
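Review bot: The rewritten `open` in build_supermin_appliance still creates the checksum file with mode `0755`, which sets execute bits on a file the surrounding comment describes only as a checksum/lock file. Unless code outside this hunk depends on those bits, a narrower mode would be safer, e.g. `int fd = open (filename, O_WRONLY|O_CREAT|O_NOCTTY|O_CLOEXEC, 0644);`. The first appliance.c hunk adds `O_CLOEXEC` without `O_NOCTTY` while this one adds both; that is harmless for regular files but worth making consistent. The function body continues outside the hunk.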
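Review bot: Defining `O_CLOEXEC` and `SOCK_CLOEXEC` as `0` when the platform lacks them lets every call site in this commit compile, but it silently drops the close-on-exec protection there, so descriptors remain inheritable by exec'd child processes with no build-time or run-time indication. The two blocks should carry a comment saying so, for example `/* Fallback: no atomic close-on-exec here; fds stay inheritable unless FD_CLOEXEC is set via fcntl. */`. Ideally the call sites would follow up with `fcntl (fd, F_SETFD, FD_CLOEXEC)` when the macro is 0. Separately, on a system whose headers define `SOCK_CLOEXEC` but whose kernel predates it, the `socket` calls in src/launch.c would presumably fail with EINVAL, and nothing in the visible hunks retries without the flag.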
@@ -553,7 +553,7 @@ read_whole_file (guestfs_h *g, const char *filename, ssize_t r; struct stat statbuf; - fd = open (filename, O_RDONLY); + fd = open (filename, O_RDONLY|O_CLOEXEC); if (fd == -1) { perrorf (g, "open: %s", filename); return -1; diff --git a/src/launch.c b/src/launch.c index 1a7c8236..1b9ca9b0 100644 --- a/src/launch.c +++ b/src/launch.c @@ -532,7 +532,7 @@ launch_appliance (guestfs_h *g) snprintf (guestfsd_sock, sizeof guestfsd_sock, "%s/guestfsd.sock", g->tmpdir); unlink (guestfsd_sock); - g->sock = socket (AF_UNIX, SOCK_STREAM, 0); + g->sock = socket (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); if (g->sock == -1) { perrorf (g, "socket"); goto cleanup0; @@ -652,7 +652,7 @@ launch_appliance (guestfs_h *g) * qemu command line, again. */ if (qemu_supports (g, "-enable-kvm") && - is_openable (g, "/dev/kvm", O_RDWR)) + is_openable (g, "/dev/kvm", O_RDWR|O_CLOEXEC)) add_cmdline (g, "-enable-kvm"); } @@ -921,7 +921,7 @@ launch_appliance (guestfs_h *g) g->fd[0] = wfd[1]; /* stdin of child */ g->fd[1] = rfd[0]; /* stdout of child */ } else { - g->fd[0] = open ("/dev/null", O_RDWR); + g->fd[0] = open ("/dev/null", O_RDWR|O_CLOEXEC); if (g->fd[0] == -1) { perrorf (g, "open /dev/null"); goto cleanup1; @@ -1039,7 +1039,7 @@ connect_unix_socket (guestfs_h *g, const char *sockpath) if (g->verbose) guestfs___print_timestamped_message (g, "connecting to %s", sockpath); - g->sock = socket (AF_UNIX, SOCK_STREAM, 0); + g->sock = socket (AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); if (g->sock == -1) { perrorf (g, "socket"); return -1; diff --git a/src/proto.c b/src/proto.c index c9ddaca3..bf3feaed 100644 --- a/src/proto.c +++ b/src/proto.c @@ -780,7 +780,7 @@ guestfs___accept_from_daemon (guestfs_h *g) return -1; } if (FD_ISSET (g->sock, &rset2)) { - sock = accept (g->sock, NULL, NULL); + sock = accept4 (g->sock, NULL, NULL, SOCK_CLOEXEC); if (sock == -1) { if (errno == EINTR || errno == EAGAIN) continue; 
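Review bot: The switch to `accept4` in guestfs___accept_from_daemon is not covered by the `SOCK_CLOEXEC 0` fallback added in src/guestfs-internal.h. A platform that lacks `SOCK_CLOEXEC` will most likely lack `accept4` as well, so the build fails there instead of degrading. The call should be guarded by a configure-time check in the style of `HAVE_FUTIMENS` from src/appliance.c, falling back to `accept` followed by `fcntl (sock, F_SETFD, FD_CLOEXEC)`. The fallback is not atomic, so a concurrent fork and exec in another thread can still inherit the descriptor, which is why `accept4` remains the preferred path. The enclosing loop and the rest of the function lie outside the hunk.

```c
#ifdef HAVE_ACCEPT4   /* hypothetical configure check, not present on this page */
      sock = accept4 (g->sock, NULL, NULL, SOCK_CLOEXEC);
#else
      sock = accept (g->sock, NULL, NULL);
      if (sock >= 0 && fcntl (sock, F_SETFD, FD_CLOEXEC) == -1) {
        perrorf (g, "fcntl");
        close (sock);
        return -1;
      }
#endif
      /* … unchanged: sock == -1 / EINTR / EAGAIN handling … */
```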
@@ -891,7 +891,7 @@ guestfs___send_file (guestfs_h *g, const char *filename) g->user_cancel = 0; - fd = open (filename, O_RDONLY); + fd = open (filename, O_RDONLY|O_CLOEXEC); if (fd == -1) { perrorf (g, "open: %s", filename); send_file_cancellation (g); @@ -1125,7 +1125,7 @@ guestfs___recv_file (guestfs_h *g, const char *filename) g->user_cancel = 0; - fd = open (filename, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY, 0666); + fd = open (filename, O_WRONLY|O_CREAT|O_TRUNC|O_NOCTTY|O_CLOEXEC, 0666); if (fd == -1) { perrorf (g, "open: %s", filename); goto cancel; |