From 8263be4e65e565d8abb1d00f1c0e6ca9af44a4d1 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 29 May 2024 11:50:54 +0200
Subject: [PATCH 3/3] exec-util: make sure to close all fds for invoked
 generators

We should really have set O_CLOEXEC for all our fds, but better be safe
than sorry.
---
 src/shared/exec-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
index dc0974572f..ac1c150ab1 100644
--- a/src/shared/exec-util.c
+++ b/src/shared/exec-util.c
@@ -58,7 +58,7 @@ static int do_spawn(
                         "(direxec)",
                         (const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },
                         /* except_fds= */ NULL, /* n_except_fds= */ 0,
-                        FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO,
+                        FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS,
                         &pid);
         if (r < 0)
                 return r;
-- 
2.45.0