From 8ebd82645a8503ec1b8464586e5c19c18c009f06 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <shemminger@vyatta.com>
Date: Wed, 11 Jul 2012 09:29:22 -0700
Subject: Don't leak file descriptors to action

Bug 8204
Make sure we don't handle unnecessary file descriptors to child
processes. This is done by marking file descriptors as close on
exec, and closing pipe before exec.
---
 src/cstore/unionfs/cstore-unionfs.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'src/cstore/unionfs/cstore-unionfs.cpp')

diff --git a/src/cstore/unionfs/cstore-unionfs.cpp b/src/cstore/unionfs/cstore-unionfs.cpp
index f8e54d7..7cfe23d 100644
--- a/src/cstore/unionfs/cstore-unionfs.cpp
+++ b/src/cstore/unionfs/cstore-unionfs.cpp
@@ -20,7 +20,9 @@
 #include <fstream>
 #include <sstream>
 
+#include <unistd.h>
 #include <errno.h>
+#include <fcntl.h>
 #include <sys/mount.h>
 
 #include <cli_cstore.h>
@@ -701,7 +703,10 @@ UnionfsCstore::commitConfig(commit::PrioNode& node)
 bool
 UnionfsCstore::getCommitLock()
 {
-  int fd = creat(C_COMMIT_LOCK_FILE.c_str(), 0777);
+  int fd;
+
+  fd = open(C_COMMIT_LOCK_FILE.c_str(),
+	    O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0666);
   if (fd < 0) {
     // should not happen since all commit processes should have write access
     output_internal("getCommitLock() failed to open lock file\n");
-- 
cgit v1.2.3