mark newly opened fds as FD_CLOEXEC (close on exec)
(This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm)
Signed-off-by: Maciej Zenczykowski <maze@google.com>
Signed-off-by: Patrick McHardy <kaber@trash.net>
diff --git a/xtables.c b/xtables.c
index 2f00e39..352963f 100644
--- a/xtables.c
+++ b/xtables.c
@@ -300,6 +300,11 @@
procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
if (procfile < 0)
return NULL;
+ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
ret = malloc(PROCFILE_BUFSIZ);
if (ret) {
@@ -697,6 +702,12 @@
exit(1);
}
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+
xtables_load_ko(xtables_modprobe_program, true);
strcpy(rev.name, name);