From: "Maciej Żenczykowski" <zenczykowski@gmail.com>
To: "Maciej Żenczykowski" <maze@google.com>
Cc: netfilter-devel@vger.kernel.org, "Maciej Żenczykowski" <maze@google.com>
Subject: [PATCH 02/17] mark newly opened fds as FD_CLOEXEC (close on exec)
Date: Thu, 31 Mar 2011 21:27:18 -0700
Message-ID: <1301632053-3694-2-git-send-email-zenczykowski@gmail.com>
In-Reply-To: <AANLkTika7Hgg=AUkkoDE0QroXKnJvA8fr23q-trk8Wbv@mail.gmail.com>
From: Maciej Żenczykowski <maze@google.com>
(This is iptables-1.4.3.1-cloexec.patch from RedHat iptables.src.rpm)
Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
extensions/libipt_realm.c | 2 +-
ip6tables-restore.c | 2 +-
ip6tables-save.c | 2 +-
iptables-restore.c | 2 +-
iptables-save.c | 2 +-
iptables-xml.c | 2 +-
xtables.c | 11 +++++++++++
7 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/extensions/libipt_realm.c b/extensions/libipt_realm.c
index a250570..17b1754 100644
--- a/extensions/libipt_realm.c
+++ b/extensions/libipt_realm.c
@@ -49,7 +49,7 @@ static void load_realms(void)
int id;
struct realmname *oldnm = NULL, *newnm = NULL;
- fil = fopen(rfnm, "r");
+ fil = fopen(rfnm, "re");
if (!fil) {
rdberr = 1;
return;
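Review bot: the "re" mode string passed to fopen() in load_realms() depends on the "e" flag, which is a glibc extension (glibc 2.7 and later) and not part of standard C. A libc that does not recognise it may ignore the character, in which case the descriptor stays inheritable and nothing reports it. The same holds for every fopen() changed in this patch. Suggest stating the glibc dependency in the commit message, or falling back to fcntl(fileno(fil), F_SETFD, FD_CLOEXEC) after a successful fopen() on builds where "e" is not available.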
diff --git a/ip6tables-restore.c b/ip6tables-restore.c
index e9a130f..10c3acf 100644
--- a/ip6tables-restore.c
+++ b/ip6tables-restore.c
@@ -168,7 +168,7 @@ int main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
diff --git a/ip6tables-save.c b/ip6tables-save.c
index dc189e9..c3b8ec0 100644
--- a/ip6tables-save.c
+++ b/ip6tables-save.c
@@ -41,7 +41,7 @@ static int for_each_table(int (*func)(const char *tablename))
FILE *procfile = NULL;
char tablename[IP6T_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip6_tables_names", "r");
+ procfile = fopen("/proc/net/ip6_tables_names", "re");
if (!procfile)
return ret;
diff --git a/iptables-restore.c b/iptables-restore.c
index 31ce52b..c2cc58c 100644
--- a/iptables-restore.c
+++ b/iptables-restore.c
@@ -174,7 +174,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s\n", argv[optind],
strerror(errno));
diff --git a/iptables-save.c b/iptables-save.c
index 3bcf422..3e3ec43 100644
--- a/iptables-save.c
+++ b/iptables-save.c
@@ -39,7 +39,7 @@ static int for_each_table(int (*func)(const char *tablename))
FILE *procfile = NULL;
char tablename[IPT_TABLE_MAXNAMELEN+1];
- procfile = fopen("/proc/net/ip_tables_names", "r");
+ procfile = fopen("/proc/net/ip_tables_names", "re");
if (!procfile)
return ret;
diff --git a/iptables-xml.c b/iptables-xml.c
index 8d67056..57c7486 100644
--- a/iptables-xml.c
+++ b/iptables-xml.c
@@ -651,7 +651,7 @@ main(int argc, char *argv[])
}
if (optind == argc - 1) {
- in = fopen(argv[optind], "r");
+ in = fopen(argv[optind], "re");
if (!in) {
fprintf(stderr, "Can't open %s: %s", argv[optind],
strerror(errno));
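Review bot: style point on the context below the changed fopen() in main(): the error message here is "Can't open %s: %s" with no trailing "\n", while the otherwise identical fprintf() calls in iptables-restore.c and ip6tables-restore.c end in "\n". Since this call site is being touched anyway, adding the newline would bring the three tools in line, preferably as a separate one-line patch so that this one stays purely mechanical.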
diff --git a/xtables.c b/xtables.c
index 2f00e39..352963f 100644
--- a/xtables.c
+++ b/xtables.c
@@ -300,6 +300,11 @@ static char *get_modprobe(void)
procfile = open(PROC_SYS_MODPROBE, O_RDONLY);
if (procfile < 0)
return NULL;
+ if (fcntl(procfile, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
ret = malloc(PROCFILE_BUFSIZ);
if (ret) {
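Review bot: in get_modprobe() the flag is set by a separate fcntl() after open(), and a failure to set it is fatal (exit(1)) in a function whose other failure path is return NULL. Passing O_CLOEXEC in the open() flags (Linux 2.6.23 and later) sets the flag atomically at creation and removes the new error branch altogether. If the fcntl() call has to stay for older kernels, consider close(procfile) followed by return NULL so that callers see the same failure mode as a failed open().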
@@ -697,6 +702,12 @@ static int compatible_revision(const char *name, uint8_t revision, int opt)
exit(1);
}
+ if (fcntl(sockfd, F_SETFD, FD_CLOEXEC) == -1) {
+ fprintf(stderr, "Could not set close on exec: %s\n",
+ strerror(errno));
+ exit(1);
+ }
+
xtables_load_ko(xtables_modprobe_program, true);
strcpy(rev.name, name);
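Review bot: this is the second copy of the same five-line fcntl()/fprintf()/exit(1) block in xtables.c; a small helper taking the descriptor would keep the two call sites in step. The placement directly before xtables_load_ko(xtables_modprobe_program, true), which by its arguments runs the modprobe program, is the spot where a child could inherit sockfd, and the commit message would benefit from saying so since it gives no rationale at present. Where available, SOCK_CLOEXEC in the socket() type argument (Linux 2.6.27 and later) would avoid the extra call.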
--
1.7.3.1