libsandbox: mark internal fds with O_CLOEXEC

We don't want to bleed these across forks/execs. Signed-off-by: Mike Frysinger <vapier@gentoo.org>
author: Mike Frysinger <vapier@gentoo.org> 2012-03-07 00:22:55 -0500
committer: Mike Frysinger <vapier@gentoo.org> 2012-03-07 00:28:01 -0500
commit: 00e64315a17b5f681c5a9f0114ac18eb002faa27 (patch)
tree: f5c5f8cb108e2acda7fbfa6518e7ff280ef8c9de /libsandbox/libsandbox.c
parent: tests: add static unlink tests (diff)
download: sandbox-00e64315a17b5f681c5a9f0114ac18eb002faa27.tar.gz
sandbox-00e64315a17b5f681c5a9f0114ac18eb002faa27.tar.bz2
sandbox-00e64315a17b5f681c5a9f0114ac18eb002faa27.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/libsandbox/libsandbox.c b/libsandbox/libsandbox.c
index a36e190..77a2415 100644
--- a/libsandbox/libsandbox.c
+++ b/libsandbox/libsandbox.c
@@ -386,7 +386,7 @@ static int sb_copy_file_to_fd(const char *file, int ofd)
 {
 	int ret = -1;
 
-	int ifd = sb_open(file, O_RDONLY, 0);
+	int ifd = sb_open(file, O_RDONLY|O_CLOEXEC, 0);
 	if (ifd == -1)
 		return ret;
 
@@ -480,7 +480,7 @@ static bool write_logfile(const char *logfile, const char *func, const char *pat
 	}
 
 	logfd = sb_open(logfile,
-		O_APPEND | O_WRONLY | O_CREAT,
+		O_APPEND | O_WRONLY | O_CREAT | O_CLOEXEC,
 		S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
 	if (logfd == -1) {
 		SB_EERROR("ISE:write_logfile ", "unable to append logfile\n");
author	Mike Frysinger <vapier@gentoo.org>	2012-03-07 00:22:55 -0500
committer	Mike Frysinger <vapier@gentoo.org>	2012-03-07 00:28:01 -0500
commit	00e64315a17b5f681c5a9f0114ac18eb002faa27 (patch)
tree	f5c5f8cb108e2acda7fbfa6518e7ff280ef8c9de /libsandbox/libsandbox.c
parent	tests: add static unlink tests (diff)
download	sandbox-00e64315a17b5f681c5a9f0114ac18eb002faa27.tar.gz sandbox-00e64315a17b5f681c5a9f0114ac18eb002faa27.tar.bz2 sandbox-00e64315a17b5f681c5a9f0114ac18eb002faa27.zip