From 7f919a5198f8606799b5a710363651f0723ea48a Mon Sep 17 00:00:00 2001
From: Jente Hidskes
Date: Thu, 6 Feb 2020 23:07:03 +0100
Subject: [PATCH] cage: set CLOEXEC on the file descriptors

As mentioned by @emersion: By default, pipe creates FDs without the CLOEXEC flag set, which means they will be leaked to any other child process spawned. Would be nice to set the CLOEXEC flag to prevent the leak.
---
 cage.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/cage.c b/cage.c
index b6d537f..a9ced27 100644
--- a/cage.c
+++ b/cage.c
@@ -10,6 +10,7 @@
 #include "config.h"
+#include
 #include
 #include
 #include
@@ -67,6 +68,25 @@ sigchld_handler(int fd, uint32_t mask, void *data)
 return 0;
 }
+static bool
+set_cloexec(int fd)
+{
+ int flags = fcntl(fd, F_GETFD);
+
+ if (flags == -1) {
+ wlr_log(WLR_ERROR, "Unable to set the CLOEXEC flag: fnctl failed");
+ return false;
+ }
+
+ flags = flags | FD_CLOEXEC;
+ if (fcntl(fd, F_SETFD, flags) == -1) {
+ wlr_log(WLR_ERROR, "Unable to set the CLOEXEC flag: fnctl failed");
+ return false;
+ }
+
+ return true;
+}
+
 static bool
 spawn_primary_client(struct wl_display *display, char *argv[], pid_t *pid_out, struct wl_event_source **sigchld_source)
 {
@@ -90,6 +110,10 @@ spawn_primary_client(struct wl_display *display, char *argv[], pid_t *pid_out, s
 return false;
 }
+ if (!set_cloexec(fd[0]) || !set_cloexec(fd[1])) {
+ return false;
+ }
+
 /* Close write, we only need read in Cage. */
 close(fd[1]);
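Review bot: Both failure branches of `set_cloexec` log the identical text, spell the call `fnctl`, and drop errno, so a log entry cannot tell whether F_GETFD or F_SETFD failed or why. Distinct messages that carry errno would make a descriptor-inheritance failure diagnosable, e.g. `wlr_log_errno(WLR_ERROR, "Unable to read descriptor flags: fcntl(F_GETFD) failed");` and the F_SETFD counterpart in the second branch. A one-line comment above the function stating that it returns false and leaves the descriptor open on failure would also tell callers that cleanup stays with them.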
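Review bot: The new early `return false;` in spawn_primary_client leaves both pipe ends open when `set_cloexec` fails, because `close(fd[1])` only runs after the check and nothing on this path closes `fd[0]`. Adding `close(fd[0]); close(fd[1]);` before that `return false;` keeps the error path from leaking the very descriptors the commit is trying to contain. The call on `fd[1]` also has no lasting effect, since the descriptor is closed by the next statement; `close(fd[1]);` followed by `if (!set_cloexec(fd[0])) { close(fd[0]); return false; }` would cover the only descriptor that stays open. The function starts and continues outside this hunk, so whether a later cleanup path already handles these descriptors cannot be checked from here.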