authorDavid Gibson <david@gibson.dropbear.id.au>2022-08-23 16:31:51 +1000
committerStefano Brivio <sbrivio@redhat.com>2022-08-24 18:01:48 +0200
commit60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c (patch)
tree00595ce3495820fd01f1ea4f0833bc247a2845d3
parent42a60735e1a1ec9dd72b09bc9c926a4dbc0d8545 (diff)
Don't unnecessarily avoid CLOEXEC flags2022_08_24.60ffc5b
There are several places in the passt code where we have lint overrides because we're not adding CLOEXEC flags to open or other operations. Comments suggest this is because it's before we fork() into the background but we'll need those file descriptors after we're in the background. However, as the name suggests, CLOEXEC closes on exec(), not on fork(). The only places we exec() are either super early, to invoke the avx2 version of the binary, or when we start a shell in pasta mode, which certainly *doesn't* require the fds in question. Add the CLOEXEC flag in those places, and remove the lint overrides. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
-rw-r--r--conf.c10
-rw-r--r--passt.c6
-rw-r--r--pasta.c2
3 files changed, 6 insertions, 12 deletions
diff --git a/conf.c b/conf.c
index ac81c15..d936157 100644
--- a/conf.c
+++ b/conf.c
@@ -562,18 +562,14 @@ static int conf_ns_opt(struct ctx *c,
continue;
}
- /* Don't pass O_CLOEXEC here: ns_enter() needs those files */
if (!c->netns_only) {
if (*conf_userns)
- /* NOLINTNEXTLINE(android-cloexec-open) */
- ufd = open(conf_userns, O_RDONLY);
+ ufd = open(conf_userns, O_RDONLY | O_CLOEXEC);
else if (*userns)
- /* NOLINTNEXTLINE(android-cloexec-open) */
- ufd = open(userns, O_RDONLY);
+ ufd = open(userns, O_RDONLY | O_CLOEXEC);
}
- /* NOLINTNEXTLINE(android-cloexec-open) */
- nfd = open(netns, O_RDONLY);
+ nfd = open(netns, O_RDONLY | O_CLOEXEC);
if (nfd == -1 || (ufd == -1 && !c->netns_only)) {
if (nfd >= 0)
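Review bot: With the old `/* Don't pass O_CLOEXEC here: ns_enter() needs those files */` comment removed, nothing at the three `open()` calls says who consumes `ufd` and `nfd` or why close-on-exec is safe for them; that reasoning now lives only in the commit message. A one-line comment above `if (!c->netns_only)` would keep it next to the code, for example `/* O_CLOEXEC: ns_enter() uses these fds in this process, nothing we exec() needs them */`, assuming ns_enter() does run in-process as the commit message implies. The same comment can record the security-relevant effect, which is that the namespace handles are no longer inherited by the shell started in pasta mode. conf_ns_opt() begins and ends outside the hunk, so where the descriptors are eventually closed is not visible here.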
diff --git a/passt.c b/passt.c
index 0113002..bbf53d9 100644
--- a/passt.c
+++ b/passt.c
@@ -329,8 +329,7 @@ int main(int argc, char **argv)
__setlogmask(LOG_MASK(LOG_EMERG));
- /* NOLINTNEXTLINE(android-cloexec-epoll-create1): forking in a moment */
- c.epollfd = epoll_create1(0);
+ c.epollfd = epoll_create1(EPOLL_CLOEXEC);
if (c.epollfd == -1) {
perror("epoll_create1");
exit(EXIT_FAILURE);
@@ -381,8 +380,7 @@ int main(int argc, char **argv)
pcap_init(&c);
if (!c.foreground) {
- /* NOLINTNEXTLINE(android-cloexec-open): see __daemon() */
- if ((devnull_fd = open("/dev/null", O_RDWR)) < 0) {
+ if ((devnull_fd = open("/dev/null", O_RDWR | O_CLOEXEC)) < 0) {
perror("/dev/null open");
exit(EXIT_FAILURE);
}
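Review bot: The dropped `see __daemon()` pointer was the only hint at what `devnull_fd` is for, and the new `open("/dev/null", O_RDWR | O_CLOEXEC)` line has no replacement. If __daemon() (not visible here) redirects stdio with dup2(), the duplicates do not carry FD_CLOEXEC, so the redirection is unaffected; a short comment such as `/* consumed by __daemon(); close-on-exec only applies to this original fd */` would record that once confirmed. It is also worth checking that `devnull_fd` is closed after daemonising, which cannot be verified from this hunk because main() continues outside it.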
diff --git a/pasta.c b/pasta.c
index 5a78065..830748f 100644
--- a/pasta.c
+++ b/pasta.c
@@ -223,7 +223,7 @@ void pasta_ns_conf(struct ctx *c)
*/
int pasta_netns_quit_init(struct ctx *c)
{
- int flags = O_NONBLOCK | (c->foreground ? O_CLOEXEC : 0);
+ int flags = O_NONBLOCK | O_CLOEXEC;
struct epoll_event ev = { .events = EPOLLIN };
int inotify_fd;
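Review bot: `flags` in pasta_netns_quit_init() is now a compile-time constant, so the local no longer carries any decision and could be dropped. If it is passed to inotify_init1() further down, as the `inotify_fd` declaration suggests, the call could take `IN_NONBLOCK | IN_CLOEXEC` directly, which are the names that API documents, rather than the open(2) constants. The function body continues past the end of the hunk, so the actual use of `flags` is not visible.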