From 8263be4e65e565d8abb1d00f1c0e6ca9af44a4d1 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 29 May 2024 11:50:54 +0200
Subject: [PATCH 3/3] exec-util: make sure to close all fds for invoked
generators
We should really have set O_CLOEXEC for all our fds, but better be safe
than sorry.
---
src/shared/exec-util.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/shared/exec-util.c b/src/shared/exec-util.c
index dc0974572f..ac1c150ab1 100644
--- a/src/shared/exec-util.c
+++ b/src/shared/exec-util.c
@@ -58,7 +58,7 @@ static int do_spawn(
"(direxec)",
(const int[]) { STDIN_FILENO, stdout_fd < 0 ? STDOUT_FILENO : stdout_fd, STDERR_FILENO },
/* except_fds= */ NULL, /* n_except_fds= */ 0,
- FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO,
+ FORK_DEATHSIG_SIGTERM|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE|FORK_REARRANGE_STDIO|FORK_CLOSE_ALL_FDS,
&pid);
if (r < 0)
return r;
--
2.45.0