[lxc-devel] [lxc/master] tree-wide: make socket SOCK_CLOEXEC

brauner on Github lxc-bot at linuxcontainers.org
Fri May 3 18:35:45 UTC 2019 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 364 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20190503/84a30db3/attachment.bin>
-------------- next part --------------
From ad9429e52927b22ae74a3d8bd25943a9a833b71e Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 3 May 2019 20:35:02 +0200
Subject: [PATCH] tree-wide: make socket SOCK_CLOEXEC

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 src/lxc/af_unix.c | 6 +++---
 src/lxc/network.c | 6 +++---
 src/lxc/nl.c      | 2 +-
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 9e2f8587c8..c688a8746f 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -81,7 +81,7 @@ int lxc_abstract_unix_open(const char *path, int type, int flags)
 	ssize_t len;
 	struct sockaddr_un addr;
 
-	fd = socket(PF_UNIX, type, 0);
+	fd = socket(PF_UNIX, type | SOCK_CLOEXEC, 0);
 	if (fd < 0)
 		return -1;
 
@@ -129,7 +129,7 @@ int lxc_abstract_unix_connect(const char *path)
 	ssize_t len;
 	struct sockaddr_un addr;
 
-	fd = socket(PF_UNIX, SOCK_STREAM, 0);
+	fd = socket(PF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
 	if (fd < 0)
 		return -1;
 
@@ -371,7 +371,7 @@ int lxc_unix_connect(struct sockaddr_un *addr)
 	int ret;
 	ssize_t len;
 
-	fd = socket(AF_UNIX, SOCK_STREAM, 0);
+	fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
 	if (fd < 0) {
 		SYSERROR("Failed to open new AF_UNIX socket");
 		return -1;
diff --git a/src/lxc/network.c b/src/lxc/network.c
index a71eb5ddff..12666e4873 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -2187,7 +2187,7 @@ int lxc_bridge_attach(const char *bridge, const char *ifname)
 	if (is_ovs_bridge(bridge))
 		return lxc_ovs_attach_bridge(bridge, ifname);
 
-	fd = socket(AF_INET, SOCK_STREAM, 0);
+	fd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, 0);
 	if (fd < 0)
 		return -errno;
 
@@ -2292,7 +2292,7 @@ int setup_private_host_hw_addr(char *veth1)
 	int err, sockfd;
 	struct ifreq ifr;
 
-	sockfd = socket(AF_INET, SOCK_DGRAM, 0);
+	sockfd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
 	if (sockfd < 0)
 		return -errno;
 
@@ -3191,7 +3191,7 @@ static int setup_hw_addr(char *hwaddr, const char *ifname)
 	ifr.ifr_name[IFNAMSIZ-1] = '\0';
 	memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr));
 
-	fd = socket(AF_INET, SOCK_DGRAM, 0);
+	fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
 	if (fd < 0)
 		return -1;
 
diff --git a/src/lxc/nl.c b/src/lxc/nl.c
index eb4535a731..15beec2a0e 100644
--- a/src/lxc/nl.c
+++ b/src/lxc/nl.c
@@ -295,7 +295,7 @@ extern int netlink_open(struct nl_handler *handler, int protocol)
 
 	memset(handler, 0, sizeof(*handler));
 
-	handler->fd = socket(AF_NETLINK, SOCK_RAW, protocol);
+	handler->fd = socket(AF_NETLINK, SOCK_RAW | SOCK_CLOEXEC, protocol);
 	if (handler->fd < 0)
 		return -errno;

More information about the lxc-devel mailing list