execute: make sure JoinsNamespaceOf= doesn't leak ns fds to executed processes

author Lennart Poettering <lennart@poettering.net>

Thu, 14 Jul 2016 11:12:01 +0000 (13:12 +0200)

committer Lennart Poettering <lennart@poettering.net>

Wed, 20 Jul 2016 12:53:15 +0000 (14:53 +0200)
author Lennart Poettering <lennart@poettering.net>
Thu, 14 Jul 2016 11:12:01 +0000 (13:12 +0200)
committer Lennart Poettering <lennart@poettering.net>
Wed, 20 Jul 2016 12:53:15 +0000 (14:53 +0200)
diff --git a/src/core/execute.c b/src/core/execute.c

index 40466ad53c1fcc9003cc175ab2677c8e1ca11fa9..7c178b97c30e596e879d45faff1d60cf0b1d640d 100644 (file)
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3062,7 +3062,7 @@ int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
                  return r;
  
          if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
-                if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
+                if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, (*rt)->netns_storage_socket) < 0)
                          return -errno;
          }
author	Lennart Poettering <lennart@poettering.net>
	Thu, 14 Jul 2016 11:12:01 +0000 (13:12 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 20 Jul 2016 12:53:15 +0000 (14:53 +0200)