maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use O_CLOEXEC in most places

Browse source
This commit is contained in:
Eelco Dolstra 2016-06-09 16:15:58 +02:00
parent 9bdd949cfd
commit 202683a4fc
9 changed files with 23 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
configure.ac
View file

@ -80,7 +80,7 @@ static char buf[1024];]],
AC_LANG_POP(C++)
AC_CHECK_FUNCS([statvfs])
AC_CHECK_FUNCS([statvfs pipe2])
# Check for lutimes, optionally used for changing the mtime of

3
src/libstore/build.cc
View file

@ -509,10 +509,9 @@ void UserLock::acquire()
/* We already have a lock on this one. */
continue;
AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT, 0600);
AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600);
if (fd == -1)
throw SysError(format("opening user lock %1%") % fnUserLock);
closeOnExec(fd);
if (lockFile(fd, ltWrite, false)) {
fdUserLock = fd.borrow();

5
src/libstore/gc.cc
View file

@ -33,10 +33,9 @@ int LocalStore::openGCLock(LockType lockType)
debug(format("acquiring global GC lock %1%") % fnGCLock);
AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT, 0600);
AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600);
if (fdGCLock == -1)
throw SysError(format("opening global GC lock %1%") % fnGCLock);
closeOnExec(fdGCLock);
if (!lockFile(fdGCLock, lockType, false)) {
printMsg(lvlError, format("waiting for the big garbage collector lock..."));
@ -211,7 +210,7 @@ void LocalStore::readTempRoots(PathSet & tempRoots, FDs & fds)
Path path = (format("%1%/%2%/%3%") % stateDir % tempRootsDir % i.name).str();
debug(format("reading temporary root file %1%") % path);
FDPtr fd(new AutoCloseFD(open(path.c_str(), O_RDWR, 0666)));
FDPtr fd(new AutoCloseFD(open(path.c_str(), O_CLOEXEC | O_RDWR, 0666)));
if (*fd == -1) {
/* It's okay if the file has disappeared. */
if (errno == ENOENT) continue;

4
src/libstore/local-store.cc
View file

@ -117,7 +117,7 @@ LocalStore::LocalStore(const Params & params)
if (stat(reservedPath.c_str(), &st) == -1 ||
st.st_size != settings.reservedSize)
{
AutoCloseFD fd = open(reservedPath.c_str(), O_WRONLY | O_CREAT, 0600);
AutoCloseFD fd = open(reservedPath.c_str(), O_WRONLY | O_CREAT | O_CLOEXEC, 0600);
int res = -1;
#if HAVE_POSIX_FALLOCATE
res = posix_fallocate(fd, 0, settings.reservedSize);
@ -1245,7 +1245,7 @@ static void makeMutable(const Path & path)
/* The O_NOFOLLOW is important to prevent us from changing the
mutable bit on the target of a symlink (which would be a
security hole). */
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW);
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
if (fd == -1) {
if (errno == ELOOP) return; // it's a symlink
throw SysError(format("opening file %1%") % path);

4
src/libstore/pathlocks.cc
View file

@ -16,12 +16,10 @@ int openLockFile(const Path & path, bool create)
{
AutoCloseFD fd;
fd = open(path.c_str(), O_RDWR | (create ? O_CREAT : 0), 0600);
fd = open(path.c_str(), O_CLOEXEC | O_RDWR | (create ? O_CREAT : 0), 0600);
if (fd == -1 && (create || errno != ENOENT))
throw SysError(format("opening lock file %1%") % path);
closeOnExec(fd);
return fd.borrow();
}

6
src/libstore/remote-store.cc
View file

@ -61,7 +61,11 @@ ref<RemoteStore::Connection> RemoteStore::openConnection()
auto conn = make_ref<Connection>();
/* Connect to a daemon that does the privileged work for us. */
conn->fd = socket(PF_UNIX, SOCK_STREAM, 0);
conn->fd = socket(PF_UNIX, SOCK_STREAM
#ifdef SOCK_CLOEXEC
| SOCK_CLOEXEC
#endif
, 0);
if (conn->fd == -1)
throw SysError("cannot create Unix domain socket");
closeOnExec(conn->fd);

4
src/libutil/archive.cc
View file

@ -41,7 +41,7 @@ static void dumpContents(const Path & path, size_t size,
{
sink << "contents" << size;
AutoCloseFD fd = open(path.c_str(), O_RDONLY);
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
if (fd == -1) throw SysError(format("opening file %1%") % path);
unsigned char buf[65536];
@ -304,7 +304,7 @@ struct RestoreSink : ParseSink
{
Path p = dstPath + path;
fd.close();
fd = open(p.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0666);
fd = open(p.c_str(), O_CREAT | O_EXCL | O_WRONLY | O_CLOEXEC, 0666);
if (fd == -1) throw SysError(format("creating file %1%") % p);
}

2
src/libutil/hash.cc
View file

@ -254,7 +254,7 @@ Hash hashFile(HashType ht, const Path & path)
Hash hash(ht);
start(ht, ctx);
AutoCloseFD fd = open(path.c_str(), O_RDONLY);
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
if (fd == -1) throw SysError(format("opening file %1%") % path);
unsigned char buf[8192];

12
src/libutil/util.cc
View file

@ -273,7 +273,7 @@ string readFile(int fd)
string readFile(const Path & path, bool drain)
{
AutoCloseFD fd = open(path.c_str(), O_RDONLY);
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
if (fd == -1)
throw SysError(format("opening file %1%") % path);
return drain ? drainFD(fd) : readFile(fd);
@ -282,7 +282,7 @@ string readFile(const Path & path, bool drain)
void writeFile(const Path & path, const string & s)
{
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT, 0666);
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
if (fd == -1)
throw SysError(format("opening file %1%") % path);
writeFull(fd, s);
@ -633,11 +633,15 @@ int AutoCloseFD::borrow()
void Pipe::create()
{
int fds[2];
#if HAVE_PIPE2
if (pipe2(fds, O_CLOEXEC) != 0) throw SysError("creating pipe");
#else
if (pipe(fds) != 0) throw SysError("creating pipe");
closeOnExec(fds[0]);
closeOnExec(fds[1]);
#endif
readSide = fds[0];
writeSide = fds[1];
closeOnExec(readSide);
closeOnExec(writeSide);
}