diff options
author | David Gibson <david@gibson.dropbear.id.au> | 2022-08-23 16:31:51 +1000 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2022-08-24 18:01:48 +0200 |
commit | 60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c (patch) | |
tree | 00595ce3495820fd01f1ea4f0833bc247a2845d3 | |
parent | 42a60735e1a1ec9dd72b09bc9c926a4dbc0d8545 (diff) | |
download | passt-60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c.tar passt-60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c.tar.gz passt-60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c.tar.bz2 passt-60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c.tar.lz passt-60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c.tar.xz passt-60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c.tar.zst passt-60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c.zip |
Don't unnecessarily avoid CLOEXEC flags2022_08_24.60ffc5b
There are several places in the passt code where we have lint overrides
because we're not adding CLOEXEC flags to open or other operations.
Comments suggest this is because it's before we fork() into the background
but we'll need those file descriptors after we're in the background.
However, as the name suggests CLOEXEC closes on exec(), not on fork(). The
only place we exec() is either super early invoke the avx2 version of the
binary, or when we start a shell in pasta mode, which certainly *doesn't*
require the fds in question.
Add the CLOEXEC flag in those places, and remove the lint overrides.
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-rw-r--r-- | conf.c | 10 | ||||
-rw-r--r-- | passt.c | 6 | ||||
-rw-r--r-- | pasta.c | 2 |
3 files changed, 6 insertions, 12 deletions
@@ -562,18 +562,14 @@ static int conf_ns_opt(struct ctx *c, continue; } - /* Don't pass O_CLOEXEC here: ns_enter() needs those files */ if (!c->netns_only) { if (*conf_userns) - /* NOLINTNEXTLINE(android-cloexec-open) */ - ufd = open(conf_userns, O_RDONLY); + ufd = open(conf_userns, O_RDONLY | O_CLOEXEC); else if (*userns) - /* NOLINTNEXTLINE(android-cloexec-open) */ - ufd = open(userns, O_RDONLY); + ufd = open(userns, O_RDONLY | O_CLOEXEC); } - /* NOLINTNEXTLINE(android-cloexec-open) */ - nfd = open(netns, O_RDONLY); + nfd = open(netns, O_RDONLY | O_CLOEXEC); if (nfd == -1 || (ufd == -1 && !c->netns_only)) { if (nfd >= 0) @@ -329,8 +329,7 @@ int main(int argc, char **argv) __setlogmask(LOG_MASK(LOG_EMERG)); - /* NOLINTNEXTLINE(android-cloexec-epoll-create1): forking in a moment */ - c.epollfd = epoll_create1(0); + c.epollfd = epoll_create1(EPOLL_CLOEXEC); if (c.epollfd == -1) { perror("epoll_create1"); exit(EXIT_FAILURE); @@ -381,8 +380,7 @@ int main(int argc, char **argv) pcap_init(&c); if (!c.foreground) { - /* NOLINTNEXTLINE(android-cloexec-open): see __daemon() */ - if ((devnull_fd = open("/dev/null", O_RDWR)) < 0) { + if ((devnull_fd = open("/dev/null", O_RDWR | O_CLOEXEC)) < 0) { perror("/dev/null open"); exit(EXIT_FAILURE); } @@ -223,7 +223,7 @@ void pasta_ns_conf(struct ctx *c) */ int pasta_netns_quit_init(struct ctx *c) { - int flags = O_NONBLOCK | (c->foreground ? O_CLOEXEC : 0); + int flags = O_NONBLOCK | O_CLOEXEC; struct epoll_event ev = { .events = EPOLLIN }; int inotify_fd; |