mirrors/cage
1
0
Fork 0
mirror of https://github.com/cage-kiosk/cage.git synced 2026-04-09 08:21:23 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

cage: set CLOEXEC on the file descriptors

Browse source 
As mentioned by @emersion:

By default, pipe creates FDs without the CLOEXEC flag set, which means
they will be leaked to any other child process spawned. Would be nice to
set the CLOEXEC flag to prevent the leak.
This commit is contained in:
Jente Hidskes 2020-02-06 23:07:03 +01:00
parent 96218dc95f
commit 7f919a5198
No known key found for this signature in database
GPG key ID: 04BE5A29F32D91EA
1 changed files with 24 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

24
cage.c
View file

@ -10,6 +10,7 @@
#include "config.h" #include "config.h"
#include <fcntl.h>
#include <getopt.h> #include <getopt.h>
#include <signal.h> #include <signal.h>
#include <stdio.h> #include <stdio.h>
@ -67,6 +68,25 @@ sigchld_handler(int fd, uint32_t mask, void *data)
return 0; return 0;
} }
static bool
set_cloexec(int fd)
{
int flags = fcntl(fd, F_GETFD);
if (flags == -1) {
wlr_log(WLR_ERROR, "Unable to set the CLOEXEC flag: fnctl failed");
return false;
}
flags = flags | FD_CLOEXEC;
if (fcntl(fd, F_SETFD, flags) == -1) {
wlr_log(WLR_ERROR, "Unable to set the CLOEXEC flag: fnctl failed");
return false;
}
return true;
}
static bool static bool
spawn_primary_client(struct wl_display *display, char *argv[], pid_t *pid_out, struct wl_event_source **sigchld_source) spawn_primary_client(struct wl_display *display, char *argv[], pid_t *pid_out, struct wl_event_source **sigchld_source)
{ {
@ -90,6 +110,10 @@ spawn_primary_client(struct wl_display *display, char *argv[], pid_t *pid_out, s
return false; return false;
} }
if (!set_cloexec(fd[0]) || !set_cloexec(fd[1])) {
return false;
}
/* Close write, we only need read in Cage. */ /* Close write, we only need read in Cage. */
close(fd[1]); close(fd[1]);