From 298743a5730852395b2c558da7a4b13721d789b5 Mon Sep 17 00:00:00 2001
From: Michael Kerrisk <mtk.manpages@gmail.com>
Date: Fri, 17 Jul 2020 09:22:52 +0200
Subject: [PATCH] setns.2: EXAMPLE: use O_CLOEXEC when opening namespace file
 descriptor

Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
---
 man2/setns.2 | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/man2/setns.2 b/man2/setns.2
index c31c55cbc2..7e38eefcfd 100644
--- a/man2/setns.2
+++ b/man2/setns.2
@@ -396,7 +396,11 @@ main(int argc, char *argv[])
         exit(EXIT_FAILURE);
     }
 
-    fd = open(argv[1], O_RDONLY); /* Get file descriptor for namespace */
+    /* Get file descriptor for namespace; the file descriptor is opened with
+       O_CLOEXEC so as to ensure that it is not inherited by the program that
+       is later executed. */
+
+    fd = open(argv[1], O_RDONLY | O_CLOEXEC);
     if (fd == \-1)
         errExit("open");
 
-- 
2.47.2