linux-hotplug.vger.kernel.org archive mirror
From: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
To: linux-hotplug@vger.kernel.org
Subject: [PATCH] Avoid leaking netlink socket fd to external programs
Date: Mon, 06 Apr 2009 09:18:41 +0000
Message-ID: <49D9C8F1.9050209@tuffmail.co.uk>

The netlink socket is now used by udev event processes. We should take
care not to pass it to the programs they execute. This is the same way
the inotify fd was handled.

Signed-off-by: Alan Jenkins <alan-jenkins@tuffmail.co.uk>
---
 udev/lib/libudev-monitor.c |    3 +++
 udev/lib/libudev-private.h |    1 +
 udev/lib/libudev-util.c    |   12 ++++++++++++
 udev/udev-watch.c          |   13 +++----------
 4 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/udev/lib/libudev-monitor.c b/udev/lib/libudev-monitor.c
index d006596..a8b1a4e 100644
--- a/udev/lib/libudev-monitor.c
+++ b/udev/lib/libudev-monitor.c
@@ -92,6 +92,8 @@ struct udev_monitor *udev_monitor_new_from_socket(struct udev *udev, const char
 		free(udev_monitor);
 		return NULL;
 	}
+	util_set_fd_cloexec(udev_monitor->sock);
+
 	dbg(udev, "monitor %p created with '%s'\n", udev_monitor, socket_path);
 	return udev_monitor;
 }
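Review bot: the close-on-exec flag is applied in a separate step after the socket already exists, so in udev_monitor_new_from_socket there is a window in which a fork and exec from another thread would still inherit the descriptor. On Linux 2.6.27 and later the flag can be requested atomically by OR-ing SOCK_CLOEXEC into the type argument of socket(), with this fcntl path kept as the fallback for older kernels.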
@@ -125,6 +127,7 @@ struct udev_monitor *udev_monitor_new_from_netlink(struct udev *udev, const char
 		free(udev_monitor);
 		return NULL;
 	}
+	util_set_fd_cloexec(udev_monitor->sock);
 
 	udev_monitor->snl.nl_family = AF_NETLINK;
 	udev_monitor->snl.nl_groups = group;
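Review bot: udev_monitor_new_from_netlink is a libudev constructor, so setting FD_CLOEXEC here changes what every user of the library gets, not only the udev event processes named in the commit message. The function's documentation comment should say that the monitor socket is created close-on-exec, so a caller that wants a child to inherit it knows to clear the flag on the descriptor itself.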
diff --git a/udev/lib/libudev-private.h b/udev/lib/libudev-private.h
index c7b74a4..1e47d51 100644
--- a/udev/lib/libudev-private.h
+++ b/udev/lib/libudev-private.h
@@ -172,4 +172,5 @@ extern size_t util_strlcat(char *dst, const char *src, size_t size);
 extern int udev_util_replace_whitespace(const char *str, char *to, size_t len);
 extern int udev_util_replace_chars(char *str, const char *white);
 extern int udev_util_encode_string(const char *str, char *str_enc, size_t len);
+extern void util_set_fd_cloexec(int fd);
 #endif
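Review bot: the prototype returns void, so neither call site can tell whether the flag was actually set. Since the purpose is to keep a descriptor out of executed programs, returning int (0 or -1, like the udev_util_* functions declared just above it) would let callers log or fail when fcntl does not succeed.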
diff --git a/udev/lib/libudev-util.c b/udev/lib/libudev-util.c
index 867a41d..b628fdd 100644
--- a/udev/lib/libudev-util.c
+++ b/udev/lib/libudev-util.c
@@ -448,3 +448,15 @@ int udev_util_encode_string(const char *str, char *str_enc, size_t len)
 err:
 	return -1;
 }
+
+void util_set_fd_cloexec(int fd)
+{
+	int flags;
+
+	flags = fcntl(fd, F_GETFD);
+	if (flags < 0)
+		flags = FD_CLOEXEC;
+	else
+		flags |= FD_CLOEXEC;
+	fcntl(fd, F_SETFD, flags);
+}
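Review bot: when F_GETFD fails, util_set_fd_cloexec still goes on to call F_SETFD with flags = FD_CLOEXEC, and the result of that second fcntl is discarded. A failing F_GETFD normally means the descriptor itself is bad, so it would be clearer to stop there and report the error than to fall through silently.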
diff --git a/udev/udev-watch.c b/udev/udev-watch.c
index e2c096a..d333476 100644
--- a/udev/udev-watch.c
+++ b/udev/udev-watch.c
@@ -41,16 +41,9 @@ int inotify_fd = -1;
 void udev_watch_init(struct udev *udev)
 {
 	inotify_fd = inotify_init();
-	if (inotify_fd >= 0) {
-		int flags;
-
-		flags = fcntl(inotify_fd, F_GETFD);
-		if (flags < 0)
-			flags = FD_CLOEXEC;
-		else
-			flags |= FD_CLOEXEC;
-		fcntl(inotify_fd, F_SETFD, flags);
-	} else if (errno = ENOSYS)
+	if (inotify_fd >= 0)
+		util_set_fd_cloexec(inotify_fd);
+	else if (errno = ENOSYS)
 		info(udev, "unable to use inotify, udevd will not monitor rule files changes\n");
 	else
 		err(udev, "inotify_init failed: %m\n");
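Review bot: the added line "else if (errno = ENOSYS)" carries over the assignment from the line it replaces; it stores ENOSYS in errno and is always true, so the err() branch can never run and every inotify_init failure is logged as missing inotify support. Since the line is being rewritten anyway, change it to "errno == ENOSYS".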
-- 
1.5.4.3


Thread overview: 2+ messages
2009-04-06  9:18 Alan Jenkins [this message]
2009-04-06 14:27 ` [PATCH] Avoid leaking netlink socket fd to external programs Kay Sievers