File and Resource Handling: Medium
Several file and socket operations were missing the close-on-exec flag,
which causes file descriptors to leak to child processes created via
fork+exec. This could allow child processes unintended access to
privileged resources.
- node-driver.c: SOCK_DGRAM socket for SIOCETHTOOL ioctl leaked to
child processes
- pw-container.c: Unix domain listen socket leaked to spawned
container processes
- compress-offload-api.c: ALSA compress-offload device fd leaked to
child processes
Added O_CLOEXEC to open() calls and SOCK_CLOEXEC to socket() calls.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add support for running the sink as a driver
* Detect which compressed formats are actually supported
* Correctly open/close/start/stop device according to the node commands
* Shift away from tinycompress and use Compress-Offload ioctls directly
to be able to access various caps information (including fragment sizes)
which are unavailable in the tinycompress API
* Implement SPA_PARAM_PropInfo and SPA_PARAM_Props support
