mirror of
https://passt.top/passt
synced 2024-12-22 13:45:32 +00:00
Don't unnecessarily avoid CLOEXEC flags
There are several places in the passt code where we have lint overrides because we're not adding CLOEXEC flags to open or other operations. Comments suggest this is because it's before we fork() into the background but we'll need those file descriptors after we're in the background. However, as the name suggests CLOEXEC closes on exec(), not on fork(). The only place we exec() is either super early invoke the avx2 version of the binary, or when we start a shell in pasta mode, which certainly *doesn't* require the fds in question. Add the CLOEXEC flag in those places, and remove the lint overrides. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This commit is contained in:
parent
42a60735e1
commit
60ffc5b6cb
10
conf.c
10
conf.c
@ -562,18 +562,14 @@ static int conf_ns_opt(struct ctx *c,
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Don't pass O_CLOEXEC here: ns_enter() needs those files */
|
||||
if (!c->netns_only) {
|
||||
if (*conf_userns)
|
||||
/* NOLINTNEXTLINE(android-cloexec-open) */
|
||||
ufd = open(conf_userns, O_RDONLY);
|
||||
ufd = open(conf_userns, O_RDONLY | O_CLOEXEC);
|
||||
else if (*userns)
|
||||
/* NOLINTNEXTLINE(android-cloexec-open) */
|
||||
ufd = open(userns, O_RDONLY);
|
||||
ufd = open(userns, O_RDONLY | O_CLOEXEC);
|
||||
}
|
||||
|
||||
/* NOLINTNEXTLINE(android-cloexec-open) */
|
||||
nfd = open(netns, O_RDONLY);
|
||||
nfd = open(netns, O_RDONLY | O_CLOEXEC);
|
||||
|
||||
if (nfd == -1 || (ufd == -1 && !c->netns_only)) {
|
||||
if (nfd >= 0)
|
||||
|
6
passt.c
6
passt.c
@ -329,8 +329,7 @@ int main(int argc, char **argv)
|
||||
|
||||
__setlogmask(LOG_MASK(LOG_EMERG));
|
||||
|
||||
/* NOLINTNEXTLINE(android-cloexec-epoll-create1): forking in a moment */
|
||||
c.epollfd = epoll_create1(0);
|
||||
c.epollfd = epoll_create1(EPOLL_CLOEXEC);
|
||||
if (c.epollfd == -1) {
|
||||
perror("epoll_create1");
|
||||
exit(EXIT_FAILURE);
|
||||
@ -381,8 +380,7 @@ int main(int argc, char **argv)
|
||||
pcap_init(&c);
|
||||
|
||||
if (!c.foreground) {
|
||||
/* NOLINTNEXTLINE(android-cloexec-open): see __daemon() */
|
||||
if ((devnull_fd = open("/dev/null", O_RDWR)) < 0) {
|
||||
if ((devnull_fd = open("/dev/null", O_RDWR | O_CLOEXEC)) < 0) {
|
||||
perror("/dev/null open");
|
||||
exit(EXIT_FAILURE);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user