From 8ebd82645a8503ec1b8464586e5c19c18c009f06 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Wed, 11 Jul 2012 09:29:22 -0700 Subject: Don't leak file descriptors to action Bug 8204 Make sure we don't handle unnecessary file descriptors to child processes. This is done by marking file descriptors as close on exec, and closing pipe before exec. --- src/cstore/unionfs/cstore-unionfs.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'src/cstore') diff --git a/src/cstore/unionfs/cstore-unionfs.cpp b/src/cstore/unionfs/cstore-unionfs.cpp index f8e54d7..7cfe23d 100644 --- a/src/cstore/unionfs/cstore-unionfs.cpp +++ b/src/cstore/unionfs/cstore-unionfs.cpp @@ -20,7 +20,9 @@ #include #include +#include #include +#include #include #include @@ -701,7 +703,10 @@ UnionfsCstore::commitConfig(commit::PrioNode& node) bool UnionfsCstore::getCommitLock() { - int fd = creat(C_COMMIT_LOCK_FILE.c_str(), 0777); + int fd; + + fd = open(C_COMMIT_LOCK_FILE.c_str(), + O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC, 0666); if (fd < 0) { // should not happen since all commit processes should have write access output_internal("getCommitLock() failed to open lock file\n"); -- cgit v1.2.3