From: Willy Tarreau <w@1wt.eu>
Date: Mon, 25 Nov 2024 07:43:25 +0000 (+0100)
Subject: BUILD: init: use the more portable FD_CLOEXEC for /dev/null
X-Git-Tag: v3.1.0~32
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a3613d239b9ce02970851e59089afd4db21091a4;p=thirdparty%2Fhaproxy.git

BUILD: init: use the more portable FD_CLOEXEC for /dev/null

In 3.1-dev10, commit 8dd4efe42f ("MAJOR: mworker: move master-worker
fork in init()"), the FD associated to /dev/null was made CLOEXEC
using O_CLOEXEC. Unfortunately this is not portable on older OSes,
doesn't build on Solaris for example, and was even reported as breaking
moderately old Linux OSes for other projects. Better not use it unless
absolutely certain it will work (currently we only use it for Linux
namespaces, which are optional), and use the conventional FD_CLOEXEC
instead.

No backport is needed.
---

diff --git a/src/haproxy.c b/src/haproxy.c
index 4fbead400a..a3a36bbb1a 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -3920,11 +3920,16 @@ int main(int argc, char **argv)
 
 	/* End of initialization for standalone and worker modes */
 	if (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) {
-		devnullfd = open("/dev/null", (O_RDWR | O_CLOEXEC), 0);
+		devnullfd = open("/dev/null", O_RDWR, 0);
 		if (devnullfd < 0) {
 			ha_alert("Cannot open /dev/null\n");
 			exit(EXIT_FAILURE);
 		}
+		if (fcntl(devnullfd, FD_CLOEXEC) != 0) {
+			ha_alert("Cannot make /dev/null CLOEXEC\n");
+			close(devnullfd);
+			exit(EXIT_FAILURE);
+		}
 	}
 
         /* applies the renice value in the worker or standalone after configuration parsing