From e23c2e8bed7db1f12d026e8036464edba1fe309d Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 26 Feb 2025 09:10:16 +0100
Subject: [PATCH] tpm2-setup: add missing O_CLOEXEC at two places

(cherry picked from commit f4e5a730002fa7ed714b89775c3e5fae6d003aae)
---
 src/tpm2-setup/tpm2-setup.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tpm2-setup/tpm2-setup.c b/src/tpm2-setup/tpm2-setup.c
index ee9d243d5ee..424ab9ac32d 100644
--- a/src/tpm2-setup/tpm2-setup.c
+++ b/src/tpm2-setup/tpm2-setup.c
@@ -338,7 +338,7 @@ static int run(int argc, char *argv[]) {
         /* Write out public key (note that we only do that as a help to the user, we don't make use of this ever */
         _cleanup_(unlink_and_freep) char *t = NULL;
         _cleanup_fclose_ FILE *f = NULL;
-        r = fopen_tmpfile_linkable(pem_path, O_WRONLY, &t, &f);
+        r = fopen_tmpfile_linkable(pem_path, O_WRONLY|O_CLOEXEC, &t, &f);
         if (r < 0)
                 return log_error_errno(r, "Failed to open SRK public key file '%s' for writing: %m", pem_path);
 
@@ -365,7 +365,7 @@ static int run(int argc, char *argv[]) {
         (void) mkdir_parents(tpm2b_public_path, 0755);
 
         /* Now also write this out in TPM2B_PUBLIC format */
-        r = fopen_tmpfile_linkable(tpm2b_public_path, O_WRONLY, &t, &f);
+        r = fopen_tmpfile_linkable(tpm2b_public_path, O_WRONLY|O_CLOEXEC, &t, &f);
         if (r < 0)
                 return log_error_errno(r, "Failed to open SRK public key file '%s' for writing: %m", tpm2b_public_path);
 
-- 
2.47.3