all: use O_CLOEXEC for file descriptors
@@ -158,7 +158,7 @@ br2684_assign_vcc (NMDeviceAdsl *self, NMSettingAdsl *s_adsl)
|
||||
g_return_val_if_fail (priv->brfd == -1, FALSE);
|
||||
g_return_val_if_fail (priv->nas_ifname != NULL, FALSE);
|
||||
|
||||
priv->brfd = socket (PF_ATMPVC, SOCK_DGRAM, ATM_AAL5);
|
||||
priv->brfd = socket (PF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, ATM_AAL5);
|
||||
if (priv->brfd < 0) {
|
||||
errsv = errno;
|
||||
_LOGE (LOGD_ADSL, "failed to open ATM control socket (%d)", errsv);
|
||||
@@ -344,7 +344,7 @@ br2684_create_iface (NMDeviceAdsl *self,
|
||||
nm_clear_g_source (&priv->nas_update_id);
|
||||
}
|
||||
|
||||
fd = socket (PF_ATMPVC, SOCK_DGRAM, ATM_AAL5);
|
||||
fd = socket (PF_ATMPVC, SOCK_DGRAM | SOCK_CLOEXEC, ATM_AAL5);
|
||||
if (fd < 0) {
|
||||
errsv = errno;
|
||||
_LOGE (LOGD_ADSL, "failed to open ATM control socket (%d)", errsv);
|
||||
|
@@ -64,7 +64,7 @@ dun_connect (NMBluez5DunContext *context)
|
||||
.channel = context->rfcomm_channel
|
||||
};
|
||||
|
||||
context->rfcomm_fd = socket (AF_BLUETOOTH, SOCK_STREAM, BTPROTO_RFCOMM);
|
||||
context->rfcomm_fd = socket (AF_BLUETOOTH, SOCK_STREAM | SOCK_CLOEXEC, BTPROTO_RFCOMM);
|
||||
if (context->rfcomm_fd < 0) {
|
||||
int errsv = errno;
|
||||
error = g_error_new (NM_BT_ERROR, NM_BT_ERROR_DUN_CONNECT_FAILED,
|
||||
@@ -112,7 +112,7 @@ dun_connect (NMBluez5DunContext *context)
|
||||
context->rfcomm_id = devid;
|
||||
|
||||
snprintf (tty, ttylen, "/dev/rfcomm%d", devid);
|
||||
while ((context->rfcomm_tty_fd = open (tty, O_RDONLY | O_NOCTTY)) < 0 && try--) {
|
||||
while ((context->rfcomm_tty_fd = open (tty, O_RDONLY | O_NOCTTY | O_CLOEXEC)) < 0 && try--) {
|
||||
if (try) {
|
||||
g_usleep (100 * 1000);
|
||||
continue;
|
||||
|
@@ -350,7 +350,7 @@ _test_recv_fixture_setup (TestRecvFixture *fixture, gconstpointer user_data)
|
||||
struct ifreq ifr = { };
|
||||
int fd, s;
|
||||
|
||||
fd = open ("/dev/net/tun", O_RDWR);
|
||||
fd = open ("/dev/net/tun", O_RDWR | O_CLOEXEC);
|
||||
g_assert (fd >= 0);
|
||||
|
||||
ifr.ifr_flags = IFF_TAP | IFF_NO_PI;
|
||||
@@ -358,7 +358,7 @@ _test_recv_fixture_setup (TestRecvFixture *fixture, gconstpointer user_data)
|
||||
g_assert (ioctl (fd, TUNSETIFF, &ifr) >= 0);
|
||||
|
||||
/* Bring the interface up */
|
||||
s = socket (AF_INET, SOCK_DGRAM, 0);
|
||||
s = socket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
g_assert (s >= 0);
|
||||
ifr.ifr_flags |= IFF_UP;
|
||||
g_assert (ioctl (s, SIOCSIFFLAGS, &ifr) >= 0);
|
||||
|
@@ -500,7 +500,7 @@ port_speed_is_zero (const char *port)
|
||||
struct termios options;
|
||||
nm_auto_close int fd = -1;
|
||||
|
||||
fd = open (port, O_RDWR | O_NONBLOCK | O_NOCTTY);
|
||||
fd = open (port, O_RDWR | O_NONBLOCK | O_NOCTTY | O_CLOEXEC);
|
||||
if (fd < 0)
|
||||
return FALSE;
|
||||
|
||||
|
@@ -719,7 +719,7 @@ update_resolv_conf (NMDnsManager *self,
|
||||
}
|
||||
}
|
||||
|
||||
if ((f = fopen (MY_RESOLV_CONF_TMP, "w")) == NULL) {
|
||||
if ((f = fopen (MY_RESOLV_CONF_TMP, "we")) == NULL) {
|
||||
errsv = errno;
|
||||
g_set_error (error,
|
||||
NM_MANAGER_ERROR,
|
||||
@@ -1594,7 +1594,7 @@ _check_resconf_immutable (NMDnsManagerResolvConfManager rc_manager)
|
||||
}
|
||||
}
|
||||
|
||||
fd = open (_PATH_RESCONF, O_RDONLY);
|
||||
fd = open (_PATH_RESCONF, O_RDONLY | O_CLOEXEC);
|
||||
if (fd != -1) {
|
||||
if (ioctl (fd, FS_IOC_GETFLAGS, &flags) != -1)
|
||||
immutable = NM_FLAGS_HAS (flags, FS_IMMUTABLE_FL);
|
||||
|
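Review bot: The `"we"` mode string in update_resolv_conf is worth a short comment, because the trailing `e` is a glibc extension that opens the stream with O_CLOEXEC and is easy to mistake for a typo. Something like `/* "e": glibc extension, sets O_CLOEXEC on the underlying fd */` next to the fopen() call would do. The same applies to the fopen() calls changed in unshare_user (`"we"`) and _recursive_ifparser (`"re"`). update_resolv_conf starts and ends outside this hunk.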
@@ -95,7 +95,7 @@ nm_main_utils_write_pidfile (const char *pidfile)
|
||||
int fd;
|
||||
gboolean success = FALSE;
|
||||
|
||||
if ((fd = open (pidfile, O_CREAT|O_WRONLY|O_TRUNC, 00644)) < 0) {
|
||||
if ((fd = open (pidfile, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC, 00644)) < 0) {
|
||||
fprintf (stderr, _("Opening %s failed: %s\n"), pidfile, strerror (errno));
|
||||
return FALSE;
|
||||
}
|
||||
|
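Review bot: The open() in nm_main_utils_write_pidfile still follows symlinks and truncates whatever it resolves to, since the flags are `O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC` with no `O_NOFOLLOW`. Where the pidfile path comes from is not visible in this hunk, so whether it can ever sit in a directory writable by a less-privileged user needs confirming. While this line is being touched, the flag is cheap to add: `open (pidfile, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC | O_NOFOLLOW, 00644)`. The function body continues past the end of the hunk.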
@@ -3050,7 +3050,7 @@ nm_utils_read_urandom (void *p, size_t nbytes)
|
||||
int r;
|
||||
|
||||
again:
|
||||
fd = open ("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY);
|
||||
fd = open ("/dev/urandom", O_RDONLY | O_CLOEXEC | O_NOCTTY);
|
||||
if (fd < 0) {
|
||||
r = errno;
|
||||
if (r == EINTR)
|
||||
|
@@ -5450,7 +5450,7 @@ rfkill_change (NMManager *self, const char *desc, RfKillType rtype, gboolean ena
|
||||
g_return_if_fail (rtype == RFKILL_TYPE_WLAN || rtype == RFKILL_TYPE_WWAN);
|
||||
|
||||
errno = 0;
|
||||
fd = open ("/dev/rfkill", O_RDWR);
|
||||
fd = open ("/dev/rfkill", O_RDWR | O_CLOEXEC);
|
||||
if (fd < 0) {
|
||||
if (errno == EACCES)
|
||||
_LOGW (LOGD_RFKILL, "(%s): failed to open killswitch device", desc);
|
||||
|
@@ -5167,7 +5167,7 @@ tun_add (NMPlatform *platform, const char *name, gboolean tap,
|
||||
_LOGD ("link: add %s '%s' owner %" G_GINT64_FORMAT " group %" G_GINT64_FORMAT,
|
||||
tap ? "tap" : "tun", name, owner, group);
|
||||
|
||||
fd = open ("/dev/net/tun", O_RDWR);
|
||||
fd = open ("/dev/net/tun", O_RDWR | O_CLOEXEC);
|
||||
if (fd < 0)
|
||||
return FALSE;
|
||||
|
||||
|
@@ -70,7 +70,7 @@ ethtool_get (const char *name, gpointer edata)
|
||||
nm_utils_ifname_cpy (ifr.ifr_name, name);
|
||||
ifr.ifr_data = edata;
|
||||
|
||||
fd = socket (PF_INET, SOCK_DGRAM, 0);
|
||||
fd = socket (PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
if (fd < 0) {
|
||||
nm_log_err (LOGD_PLATFORM, "ethtool: Could not open socket.");
|
||||
return FALSE;
|
||||
@@ -410,7 +410,7 @@ nmp_utils_mii_supports_carrier_detect (const char *ifname)
|
||||
if (!nmp_utils_device_exists (ifname))
|
||||
return FALSE;
|
||||
|
||||
fd = socket (PF_INET, SOCK_DGRAM, 0);
|
||||
fd = socket (PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
if (fd < 0) {
|
||||
nm_log_err (LOGD_PLATFORM, "mii: couldn't open control socket (%s)", ifname);
|
||||
return FALSE;
|
||||
|
@@ -284,7 +284,7 @@ _netns_new (GError **error)
|
||||
int fd_net, fd_mnt;
|
||||
int errsv;
|
||||
|
||||
fd_net = open (PROC_SELF_NS_NET, O_RDONLY);
|
||||
fd_net = open (PROC_SELF_NS_NET, O_RDONLY | O_CLOEXEC);
|
||||
if (fd_net == -1) {
|
||||
errsv = errno;
|
||||
g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
|
||||
@@ -293,7 +293,7 @@ _netns_new (GError **error)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
fd_mnt = open (PROC_SELF_NS_MNT, O_RDONLY);
|
||||
fd_mnt = open (PROC_SELF_NS_MNT, O_RDONLY | O_CLOEXEC);
|
||||
if (fd_mnt == -1) {
|
||||
errsv = errno;
|
||||
g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
|
||||
@@ -631,7 +631,7 @@ nmp_netns_bind_to_path (NMPNetns *self, const char *filename, int *out_fd)
|
||||
}
|
||||
|
||||
if (out_fd) {
|
||||
if ((fd = open (filename, O_RDONLY)) == -1) {
|
||||
if ((fd = open (filename, O_RDONLY | O_CLOEXEC)) == -1) {
|
||||
errsv = errno;
|
||||
_LOGE (self, "bind: failed to open %s: %s", filename, g_strerror (errsv));
|
||||
umount2 (filename, MNT_DETACH);
|
||||
|
@@ -1407,7 +1407,7 @@ nmtstp_namespace_create (int unshare_flags, GError **error)
|
||||
int pipefd_p2c[2];
|
||||
ssize_t r;
|
||||
|
||||
e = pipe (pipefd_c2p);
|
||||
e = pipe2 (pipefd_c2p, O_CLOEXEC);
|
||||
if (e != 0) {
|
||||
errsv = errno;
|
||||
g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
|
||||
@@ -1415,7 +1415,7 @@ nmtstp_namespace_create (int unshare_flags, GError **error)
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
e = pipe (pipefd_p2c);
|
||||
e = pipe2 (pipefd_p2c, O_CLOEXEC);
|
||||
if (e != 0) {
|
||||
errsv = errno;
|
||||
g_set_error (error, NM_UTILS_ERROR, NM_UTILS_ERROR_UNKNOWN,
|
||||
@@ -1549,7 +1549,7 @@ nmtstp_namespace_get_fd_for_process (pid_t pid, const char *ns_name)
|
||||
|
||||
nm_sprintf_buf (p, "/proc/%lu/ns/%s", (long unsigned) pid, ns_name);
|
||||
|
||||
return open(p, O_RDONLY);
|
||||
return open(p, O_RDONLY | O_CLOEXEC);
|
||||
}
|
||||
|
||||
/*****************************************************************************/
|
||||
@@ -1592,21 +1592,21 @@ unshare_user (void)
|
||||
|
||||
/* Since Linux 3.19 we have to disable setgroups() in order to map users.
|
||||
* Just proceed if the file is not there. */
|
||||
f = fopen ("/proc/self/setgroups", "w");
|
||||
f = fopen ("/proc/self/setgroups", "we");
|
||||
if (f) {
|
||||
fprintf (f, "deny");
|
||||
fclose (f);
|
||||
}
|
||||
|
||||
/* Map current UID to root in NS to be created. */
|
||||
f = fopen ("/proc/self/uid_map", "w");
|
||||
f = fopen ("/proc/self/uid_map", "we");
|
||||
if (!f)
|
||||
return FALSE;
|
||||
fprintf (f, "0 %d 1", uid);
|
||||
fclose (f);
|
||||
|
||||
/* Map current GID to root in NS to be created. */
|
||||
f = fopen ("/proc/self/gid_map", "w");
|
||||
f = fopen ("/proc/self/gid_map", "we");
|
||||
if (!f)
|
||||
return FALSE;
|
||||
fprintf (f, "0 %d 1", gid);
|
||||
|
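Review bot: In unshare_user the writes to `/proc/self/uid_map` and `/proc/self/gid_map` are never checked: the fprintf() result is ignored and the fclose() return value is discarded. stdio buffers the data, so a write the kernel rejects only shows up at fclose(), and the function would presumably carry on as if the mapping had been applied (its return path is outside the hunk). Capturing both results would surface that, e.g. `r = fprintf (f, "0 %d 1", uid);` followed by `if (fclose (f) != 0 || r < 0) return FALSE;`, and likewise for the gid write. Separately, in the same file, nmtstp_namespace_get_fd_for_process uses `open(p, ...)` without the space before the parenthesis that every other call in this commit has.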
@@ -577,7 +577,7 @@ wifi_wext_init (const char *iface, int ifindex, gboolean check_scan)
|
||||
wext->parent.set_mesh_channel = wifi_wext_set_mesh_channel;
|
||||
wext->parent.set_mesh_ssid = wifi_wext_set_mesh_ssid;
|
||||
|
||||
wext->fd = socket (PF_INET, SOCK_DGRAM, 0);
|
||||
wext->fd = socket (PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
if (wext->fd < 0)
|
||||
goto error;
|
||||
|
||||
@@ -665,7 +665,7 @@ wifi_wext_is_wifi (const char *iface)
|
||||
if (!nmp_utils_device_exists (iface))
|
||||
return FALSE;
|
||||
|
||||
fd = socket (PF_INET, SOCK_DGRAM, 0);
|
||||
fd = socket (PF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
if (fd >= 0) {
|
||||
nm_utils_ifname_cpy (iwr.ifr_ifrn.ifrn_name, iface);
|
||||
if (ioctl (fd, SIOCGIWNAME, &iwr) == 0)
|
||||
|
@@ -165,7 +165,7 @@ monitor_stats (NMPPPManager *manager)
|
||||
if (priv->monitor_fd >= 0)
|
||||
return;
|
||||
|
||||
priv->monitor_fd = socket (AF_INET, SOCK_DGRAM, 0);
|
||||
priv->monitor_fd = socket (AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
if (priv->monitor_fd >= 0) {
|
||||
g_warn_if_fail (priv->monitor_id == 0);
|
||||
if (priv->monitor_id)
|
||||
|
@@ -144,7 +144,7 @@ init_inotify (NMInotifyHelper *self)
|
||||
GIOChannel *channel;
|
||||
guint source_id;
|
||||
|
||||
priv->ifd = inotify_init ();
|
||||
priv->ifd = inotify_init1 (IN_CLOEXEC);
|
||||
if (priv->ifd == -1) {
|
||||
int errsv = errno;
|
||||
|
||||
|
@@ -641,11 +641,11 @@ svOpenFileInternal (const char *name, gboolean create, GError **error)
|
||||
|
||||
s->fd = -1;
|
||||
if (create)
|
||||
s->fd = open (name, O_RDWR); /* NOT O_CREAT */
|
||||
s->fd = open (name, O_RDWR | O_CLOEXEC); /* NOT O_CREAT */
|
||||
|
||||
if (!create || s->fd == -1) {
|
||||
/* try read-only */
|
||||
s->fd = open (name, O_RDONLY); /* NOT O_CREAT */
|
||||
s->fd = open (name, O_RDONLY | O_CLOEXEC); /* NOT O_CREAT */
|
||||
if (s->fd == -1)
|
||||
errsv = errno;
|
||||
else
|
||||
@@ -1017,7 +1017,7 @@ svWriteFile (shvarFile *s, int mode, GError **error)
|
||||
|
||||
if (s->modified) {
|
||||
if (s->fd == -1)
|
||||
s->fd = open (s->fileName, O_WRONLY | O_CREAT, mode);
|
||||
s->fd = open (s->fileName, O_WRONLY | O_CREAT | O_CLOEXEC, mode);
|
||||
if (s->fd == -1) {
|
||||
int errsv = errno;
|
||||
|
||||
|
@@ -117,7 +117,7 @@ _recursive_ifparser (const char *eni_file, int quiet)
|
||||
nm_log_warn (LOGD_SETTINGS, "interfaces file %s doesn't exist\n", eni_file);
|
||||
return;
|
||||
}
|
||||
inp = fopen (eni_file, "r");
|
||||
inp = fopen (eni_file, "re");
|
||||
if (inp == NULL) {
|
||||
if (!quiet)
|
||||
nm_log_warn (LOGD_SETTINGS, "Can't open %s\n", eni_file);
|
||||
|
@@ -26,6 +26,7 @@
|
||||
#include <netinet/ether.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/wait.h>
|
||||
#include <fcntl.h>
|
||||
|
||||
#include "NetworkManagerUtils.h"
|
||||
#include "nm-multi-index.h"
|
||||
@@ -173,7 +174,7 @@ test_nm_utils_kill_child_create_and_join_pgroup (void)
|
||||
int pipefd[2];
|
||||
pid_t pgid;
|
||||
|
||||
err = pipe (pipefd);
|
||||
err = pipe2 (pipefd, O_CLOEXEC);
|
||||
g_assert (err == 0);
|
||||
|
||||
pgid = fork();
|
||||
|