From: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
Date: Fri, 17 Mar 2023 12:43:34 +0000 (+0100)
Subject: tree-wide: convert fcntl(FD_CLOEXEC) to SOCK_CLOEXEC
X-Git-Tag: v6.0.0~62^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3c1453a38d07b8c92b1a7e6b204b454224c1c924;p=thirdparty%2Flxc.git

tree-wide: convert fcntl(FD_CLOEXEC) to SOCK_CLOEXEC

- replace accept() + fcntl(FD_CLOEXEC) with accept4(..., SOCK_CLOEXEC)
- remove fcntl(FD_CLOEXEC) in lxc_server_init() as we already set
SOCK_CLOEXEC in lxc_abstract_unix_open().

See also: ad9429e52 ("tree-wide: make socket SOCK_CLOEXEC")
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
---

diff --git a/src/lxc/cmd/lxc_monitord.c b/src/lxc/cmd/lxc_monitord.c
index a194fbea8..5fe806131 100644
--- a/src/lxc/cmd/lxc_monitord.c
+++ b/src/lxc/cmd/lxc_monitord.c
@@ -159,17 +159,12 @@ static int lxc_monitord_sock_accept(int fd, uint32_t events, void *data,
 	socklen_t credsz = sizeof(cred);
 
 	ret = LXC_MAINLOOP_ERROR;
-	clientfd = accept(fd, NULL, 0);
+	clientfd = accept4(fd, NULL, 0, SOCK_CLOEXEC);
 	if (clientfd < 0) {
 		SYSERROR("Failed to accept connection for client file descriptor %d", fd);
 		goto out;
 	}
 
-	if (fcntl(clientfd, F_SETFD, FD_CLOEXEC)) {
-		SYSERROR("Failed to set FD_CLOEXEC on client socket connection %d", clientfd);
-		goto err1;
-	}
-
 	if (getsockopt(clientfd, SOL_SOCKET, SO_PEERCRED, &cred, &credsz)) {
 		SYSERROR("Failed to get credentials on client socket connection %d", clientfd);
 		goto err1;
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
index 07be1d535..a9c290969 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -2080,14 +2080,10 @@ static int lxc_cmd_accept(int fd, uint32_t events, void *data,
 	__do_close int connection = -EBADF;
 	int opt = 1, ret = -1;
 
-	connection = accept(fd, NULL, 0);
+	connection = accept4(fd, NULL, 0, SOCK_CLOEXEC);
 	if (connection < 0)
 		return log_error_errno(LXC_MAINLOOP_ERROR, errno, "Failed to accept connection to run command");
 
-	ret = fcntl(connection, F_SETFD, FD_CLOEXEC);
-	if (ret < 0)
-		return log_error_errno(ret, errno, "Failed to set close-on-exec on incoming command connection");
-
 	ret = setsockopt(connection, SOL_SOCKET, SO_PASSCRED, &opt, sizeof(opt));
 	if (ret < 0)
 		return log_error_errno(ret, errno, "Failed to enable necessary credentials on command socket");
@@ -2122,10 +2118,6 @@ int lxc_server_init(const char *name, const char *lxcpath, const char *suffix)
 		return log_error_errno(-1, errno, "Failed to create command socket %s", &path[1]);
 	}
 
-	ret = fcntl(fd, F_SETFD, FD_CLOEXEC);
-	if (ret < 0)
-		return log_error_errno(-1, errno, "Failed to set FD_CLOEXEC on command socket file descriptor");
-
 	return log_trace(move_fd(fd), "Created abstract unix socket \"%s\"", &path[1]);
 }