From a25acf70fec11e521129ad91ea93dee74c56fb62 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 29 May 2024 11:50:54 +0200
Subject: [PATCH] exec-util: make sure to close all fds for invoked generators

We should really have set O_CLOEXEC for all our fds, but better be safe
than sorry.
---
 src/shared/exec-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
index 575e4de786c..996edbf997a 100644
--- a/src/shared/exec-util.c
+++ b/src/shared/exec-util.c
@@ -58,7 +58,7 @@ static int do_spawn(
                         "(direxec)",
                         (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },
                         /* except_fds= */ NULL, /* n_except_fds= */ 0,
-                        FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO,
+                        FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS,
                         &pid);
         if (r < 0)
                 return r;
-- 
2.47.3