socket: set close-on-exec on all reusable sockets
Set the CLOEXEC flag on all reusable sockets in the initialization to avoid leaking them to sendmail (mailonchange directive) in case the chrony configuration doesn't use all sockets provided by systemd.
This commit is contained in:
Miroslav Lichvar
parent
b6eec0068a
commit
ee9d721b7b
1 changed files with 7 additions and 2 deletions
9
socket.c
9
socket.c
|
|
@ -268,9 +268,9 @@ static int
|
|||
set_socket_flags(int sock_fd, int flags)
|
||||
{
|
||||
/* Close the socket automatically on exec */
|
||||
if (
|
||||
if (!SCK_IsReusable(sock_fd) &&
|
||||
#ifdef SOCK_CLOEXEC
|
||||
(SCK_IsReusable(sock_fd) || (supported_socket_flags & SOCK_CLOEXEC) == 0) &&
|
||||
(supported_socket_flags & SOCK_CLOEXEC) == 0 &&
|
||||
#endif
|
||||
!UTI_FdSetCloexec(sock_fd))
|
||||
return 0;
|
||||
|
|
@ -1295,6 +1295,8 @@ SCK_PreInitialise(void)
|
|||
void
|
||||
SCK_Initialise(int family)
|
||||
{
|
||||
int fd;
|
||||
|
||||
ip4_enabled = family == IPADDR_INET4 || family == IPADDR_UNSPEC;
|
||||
#ifdef FEAT_IPV6
|
||||
ip6_enabled = family == IPADDR_INET6 || family == IPADDR_UNSPEC;
|
||||
|
|
@ -1323,6 +1325,9 @@ SCK_Initialise(int family)
|
|||
supported_socket_flags |= SOCK_NONBLOCK;
|
||||
#endif
|
||||
|
||||
for (fd = first_reusable_fd; fd < first_reusable_fd + reusable_fds; fd++)
|
||||
UTI_FdSetCloexec(fd);
|
||||
|
||||
initialised = 1;
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue