From f004de4a9d29f65e14a542e42dc40b9628e936d4 Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Mon, 27 Sep 2021 00:28:24 +0200
Subject: tap: Don't leak file descriptor used to bring up loopback interface

...and while at it, set the socket as non-blocking directly on open().

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 tap.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

(limited to 'tap.c')

diff --git a/tap.c b/tap.c
index 721ae0c..f395227 100644
--- a/tap.c
+++ b/tap.c
@@ -848,20 +848,25 @@ static int tap_sock_init_tun_ns(void *target_pid)
 	if (ns_enter(*(int *)target_pid))
 		goto fail;
 
-	if ((fd = open("/dev/net/tun", O_RDWR)) < 0)
+	if ((fd = open("/dev/net/tun", O_RDWR | O_NONBLOCK)) < 0)
 		goto fail;
 
-	fcntl(fd, F_SETFL, O_NONBLOCK);
-
 	tun_ns_fd = fd;
 
-	if (ioctl(socket(AF_INET, SOCK_DGRAM, 0), SIOCSIFFLAGS,
-	    &((struct ifreq) { .ifr_name = "lo",
-			       .ifr_flags = IFF_UP }))) {
+	if ((fd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
+		perror("socket for ioctl");
+		goto fail;
+	}
+
+	if (ioctl(fd, SIOCSIFFLAGS, &((struct ifreq){ .ifr_name = "lo",
+						      .ifr_flags = IFF_UP }))) {
 		perror("SIOCSIFFLAGS ioctl for \"lo\"");
+		close(fd);
 		goto fail;
 	}
 
+	close(fd);
+
 	return 0;
 
 fail:
-- 
cgit v1.2.3