cage: set CLOEXEC on the file descriptors

As mentioned by @emersion: By default, pipe creates FDs without the CLOEXEC flag set, which means they will be leaked to any other child process spawned. Would be nice to set the CLOEXEC flag to prevent the leak.
2025-10-29 05:40:19 -04:00 · 2020-02-06 23:07:03 +01:00 · 2020-02-06 23:07:03 +01:00 · 24cc576377
commit 24cc576377
parent 009cca3fa9
1 changed files with 24 additions and 0 deletions
--- a/cage.c
+++ b/cage.c
@ -10,6 +10,7 @@

 #include "config.h"

+#include <fcntl.h>
 #include <getopt.h>
 #include <signal.h>
 #include <stdio.h>
@ -67,6 +68,25 @@ sigchld_handler(int fd, uint32_t mask, void *data)
 	return 0;
 }

+static bool
+set_cloexec(int fd)
+{
+	int flags = fcntl(fd, F_GETFD);
+
+	if (flags == -1) {
+		wlr_log(WLR_ERROR, "Unable to set the CLOEXEC flag: fnctl failed");
+		return false;
+	}
+
+	flags = flags | FD_CLOEXEC;
+	if (fcntl(fd, F_SETFD, flags) == -1) {
+		wlr_log(WLR_ERROR, "Unable to set the CLOEXEC flag: fnctl failed");
+		return false;
+	}
+
+	return true;
+}
+
 static bool
 spawn_primary_client(struct wl_display *display, char *argv[], pid_t *pid_out, struct wl_event_source **sigchld_source)
 {
@ -90,6 +110,10 @@ spawn_primary_client(struct wl_display *display, char *argv[], pid_t *pid_out, s
 		return false;
 	}

+	if (!set_cloexec(fd[0]) || !set_cloexec(fd[1])) {
+		return false;
+	}
+
 	/* Close write, we only need read in Cage. */
 	close(fd[1]);