setns.2: EXAMPLE: use O_CLOEXEC when opening namespace file descriptor

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>

diff --git a/man2/setns.2 b/man2/setns.2
index c31c55cbc2a521e65c50d150ce7967a4e3f22b3b..7e38eefcfdf5f27de0d26c4d5093479bdb396889 100644 (file)
--- a/man2/setns.2
+++ b/man2/setns.2
@@ -396,7 +396,11 @@ main(int argc, char *argv[])
         exit(EXIT_FAILURE);
     }
 
-    fd = open(argv[1], O_RDONLY); /* Get file descriptor for namespace */
+    /* Get file descriptor for namespace; the file descriptor is opened with
+       O_CLOEXEC so as to ensure that it is not inherited by the program that
+       is later executed. */
+
+    fd = open(argv[1], O_RDONLY | O_CLOEXEC);
     if (fd == \-1)
         errExit("open");