sandbox: Make sure eventfd is CLOEXEC

author Daan De Meyer <daan@amutable.com>

Sat, 14 Feb 2026 13:40:18 +0000 (14:40 +0100)

committer Jörg Behrmann <behrmann@physik.fu-berlin.de>

Sat, 14 Feb 2026 14:17:42 +0000 (15:17 +0100)
author Daan De Meyer <daan@amutable.com>
Sat, 14 Feb 2026 13:40:18 +0000 (14:40 +0100)
committer Jörg Behrmann <behrmann@physik.fu-berlin.de>
Sat, 14 Feb 2026 14:17:42 +0000 (15:17 +0100)
diff --git a/mkosi/sandbox.py b/mkosi/sandbox.py

index 684c2dfb47a5261d7b34b969985f0f136c2b6602..bfe26c2c9da97ea9b08e7223c68adf4be698118d 100755 (executable)
--- a/mkosi/sandbox.py
+++ b/mkosi/sandbox.py
@@ -46,6 +46,7 @@ CLONE_NEWNET = 0x40000000
  CLONE_NEWNS = 0x00020000
  CLONE_NEWUSER = 0x10000000
  EBADF = 9
+EFD_CLOEXEC = 0x80000
  ENAMETOOLONG = 36
  EPERM = 1
  ENOENT = 2
@@ -605,7 +606,7 @@ def become_user(uid: int, gid: int) -> None:
  
      ppid = os.getpid()
  
-    event = libc.eventfd(0, 0)
+    event = libc.eventfd(0, EFD_CLOEXEC)
      if event < 0:
          oserror("eventfd")
author	Daan De Meyer <daan@amutable.com>
	Sat, 14 Feb 2026 13:40:18 +0000 (14:40 +0100)
committer	Jörg Behrmann <behrmann@physik.fu-berlin.de>
	Sat, 14 Feb 2026 14:17:42 +0000 (15:17 +0100)