diff options
| -rw-r--r-- | src/libstore/build.cc | 5 | ||||
| -rw-r--r-- | src/libstore/gc.cc | 1 | ||||
| -rw-r--r-- | src/libstore/pathlocks.cc | 2 | ||||
| -rw-r--r-- | src/libutil/util.cc | 12 | ||||
| -rw-r--r-- | src/libutil/util.hh | 3 |
5 files changed, 20 insertions, 3 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 5bdd49bac0..467f165974 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -492,6 +492,7 @@ void UserLock::acquire() AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT, 0600); if (fd == -1) throw SysError(format("opening user lock `%1%'") % fnUserLock); + closeOnExec(fd); if (lockFile(fd, ltWrite, false)) { fdUserLock = fd.borrow(); @@ -1792,9 +1793,6 @@ void DerivationGoal::startBuilder() if (chdir(tmpDir.c_str()) == -1) throw SysError(format("changing into `%1%'") % tmpDir); - /* Close all other file descriptors. */ - closeMostFDs(set<int>()); - #ifdef CAN_DO_LINUX32_BUILDS if (drv.platform == "i686-linux" && thisSystem == "x86_64-linux") { if (personality(0x0008 | 0x8000000 /* == PER_LINUX32_3GB */) == -1) @@ -2026,6 +2024,7 @@ Path DerivationGoal::openLogFile() O_CREAT | O_WRONLY | O_TRUNC, 0666); if (fdLogFile == -1) throw SysError(format("creating log file `%1%'") % logFileName); + closeOnExec(fdLogFile); return logFileName; } diff --git a/src/libstore/gc.cc b/src/libstore/gc.cc index e1e7b4c1c5..e27c63de26 100644 --- a/src/libstore/gc.cc +++ b/src/libstore/gc.cc @@ -40,6 +40,7 @@ int LocalStore::openGCLock(LockType lockType) AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT, 0600); if (fdGCLock == -1) throw SysError(format("opening global GC lock `%1%'") % fnGCLock); + closeOnExec(fdGCLock); if (!lockFile(fdGCLock, lockType, false)) { printMsg(lvlError, format("waiting for the big garbage collector lock...")); diff --git a/src/libstore/pathlocks.cc b/src/libstore/pathlocks.cc index 645f4cd67e..b858ed238d 100644 --- a/src/libstore/pathlocks.cc +++ b/src/libstore/pathlocks.cc @@ -20,6 +20,8 @@ int openLockFile(const Path & path, bool create) if (fd == -1 && (create || errno != ENOENT)) throw SysError(format("opening lock file `%1%'") % path); + closeOnExec(fd); + return fd.borrow(); } diff --git a/src/libutil/util.cc b/src/libutil/util.cc index 31322f9c48..842cf3ea47 100644 --- a/src/libutil/util.cc +++ b/src/libutil/util.cc @@ -8,6 +8,7 @@ #include <cstring> #include <sys/wait.h> +#include <unistd.h> #include <fcntl.h> #include <limits.h> @@ -683,6 +684,8 @@ void Pipe::create() if (pipe(fds) != 0) throw SysError("creating pipe"); readSide = fds[0]; writeSide = fds[1]; + closeOnExec(readSide); + closeOnExec(writeSide); } @@ -934,6 +937,15 @@ void closeMostFDs(const set<int> & exceptions) } +void closeOnExec(int fd) +{ + int prev; + if ((prev = fcntl(fd, F_GETFD, 0)) == -1 || + fcntl(fd, F_SETFD, prev | FD_CLOEXEC) == -1) + throw SysError("setting close-on-exec flag"); +} + + void quickExit(int status) { _exit(status); diff --git a/src/libutil/util.hh b/src/libutil/util.hh index a1cf68e69d..ee0f3862a8 100644 --- a/src/libutil/util.hh +++ b/src/libutil/util.hh @@ -258,6 +258,9 @@ string runProgram(Path program, bool searchPath = false, listed in the given set. Good practice in child processes. */ void closeMostFDs(const set<int> & exceptions); +/* Set the close-on-exec flag for the given file descriptor. */ +void closeOnExec(int fd); + /* Wrapper around _exit() on Unix and ExitProcess() on Windows. (On Cygwin, _exit() doesn't seem to do the right thing.) */ void quickExit(int status); |