summaryrefslogtreecommitdiff
path: root/src/cstore
diff options
context:
space:
mode:
authorStephen Hemminger <shemminger@vyatta.com>2012-07-11 09:29:22 -0700
committerStephen Hemminger <shemminger@vyatta.com>2012-07-11 11:52:47 -0700
commit8ebd82645a8503ec1b8464586e5c19c18c009f06 (patch)
tree955485024bcb20545e1c061f83777186baababb7 /src/cstore
parent628e456b5fc2c11cd474546461d1458a17d4ab56 (diff)
downloadvyatta-cfg-8ebd82645a8503ec1b8464586e5c19c18c009f06.tar.gz
vyatta-cfg-8ebd82645a8503ec1b8464586e5c19c18c009f06.zip
Don't leak file descriptors to action
Bug 8204 Make sure we don't handle unnecessary file descriptors to child processes. This is done by marking file descriptors as close on exec, and closing pipe before exec.
Diffstat (limited to 'src/cstore')
-rw-r--r--src/cstore/unionfs/cstore-unionfs.cpp7
1 files changed, 6 insertions, 1 deletions
diff --git a/src/cstore/unionfs/cstore-unionfs.cpp b/src/cstore/unionfs/cstore-unionfs.cpp
index f8e54d7..7cfe23d 100644
--- a/src/cstore/unionfs/cstore-unionfs.cpp
+++ b/src/cstore/unionfs/cstore-unionfs.cpp
@@ -20,7 +20,9 @@
#include <fstream>
#include <sstream>
+#include <unistd.h>
#include <errno.h>
+#include <fcntl.h>
#include <sys/mount.h>
#include <cli_cstore.h>
@@ -701,7 +703,10 @@ UnionfsCstore::commitConfig(commit::PrioNode& node)
bool
UnionfsCstore::getCommitLock()
{
- int fd = creat(C_COMMIT_LOCK_FILE.c_str(), 0777);
+ int fd;
+
+ fd = open(C_COMMIT_LOCK_FILE.c_str(),
+ O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0666);
if (fd < 0) {
// should not happen since all commit processes should have write access
output_internal("getCommitLock() failed to open lock file\n");