apparmor: use fopen_cloexec

author Wolfgang Bumiller <w.bumiller@proxmox.com>

Wed, 25 Jul 2018 10:06:16 +0000 (12:06 +0200)

committer Wolfgang Bumiller <w.bumiller@proxmox.com>

Wed, 25 Jul 2018 10:12:25 +0000 (12:12 +0200)
author Wolfgang Bumiller <w.bumiller@proxmox.com>
Wed, 25 Jul 2018 10:06:16 +0000 (12:06 +0200)
committer Wolfgang Bumiller <w.bumiller@proxmox.com>
Wed, 25 Jul 2018 10:12:25 +0000 (12:12 +0200)
diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c

index 95b61943ee21c548720fcac5d04fcbdddcab95ab..5fe6d525673cc9f65e127d8f59f054bfd963e455 100644 (file)
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -32,6 +32,7 @@
  #include "lsm.h"
  #include "conf.h"
  #include "utils.h"
+#include "initutils.h"
  
  lxc_log_define(apparmor, lsm);
  
@@ -68,7 +69,7 @@ static int apparmor_enabled(void)
         char e;
         int ret;
  
-       fin = fopen(AA_ENABLED_FILE, "r");
+       fin = fopen_cloexec(AA_ENABLED_FILE, "r");
         if (!fin)
                 return 0;
         ret = fscanf(fin, "%c", &e);
@@ -95,7 +96,7 @@ static char *apparmor_process_label_get(pid_t pid)
                 return NULL;
         }
  again:
-       f = fopen(path, "r");
+       f = fopen_cloexec(path, "r");
         if (!f) {
                 SYSERROR("opening %s", path);
                 free(buf);
author	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Wed, 25 Jul 2018 10:06:16 +0000 (12:06 +0200)
committer	Wolfgang Bumiller <w.bumiller@proxmox.com>
	Wed, 25 Jul 2018 10:12:25 +0000 (12:12 +0200)