From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Jul 2016 11:12:01 +0000 (+0200)
Subject: execute: make sure JoinsNamespaceOf= doesn't leak ns fds to executed processes
X-Git-Tag: v231~29^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=33df919d5c4de51b88244d2e82ffe5c9c8abe950;p=thirdparty%2Fsystemd.git

execute: make sure JoinsNamespaceOf= doesn't leak ns fds to executed processes
---

diff --git a/src/core/execute.c b/src/core/execute.c
index 40466ad53c1..7c178b97c30 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3062,7 +3062,7 @@ int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
                 return r;
 
         if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
-                if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
+                if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, (*rt)->netns_storage_socket) < 0)
                         return -errno;
         }