a8a561
diff -up mozilla-aurora/security/sandbox/linux/broker/SandboxBroker.cpp.build-sandbox mozilla-aurora/security/sandbox/linux/broker/SandboxBroker.cpp
a8a561
--- mozilla-aurora/security/sandbox/linux/broker/SandboxBroker.cpp.build-sandbox	2015-12-16 16:47:02.000000000 +0100
a8a561
+++ mozilla-aurora/security/sandbox/linux/broker/SandboxBroker.cpp	2016-01-21 15:34:59.168878105 +0100
a8a561
@@ -201,7 +201,7 @@ AllowAccess(int aReqFlags, int aPerms)
a8a561
 // on this process.  These shouldn't be relevant to the child process
a8a561
 // in any case due to the sandboxing restrictions on it.  (See also
a8a561
 // the use of MSG_CMSG_CLOEXEC in SandboxBrokerCommon.cpp).
a8a561
-static const int kRequiredOpenFlags = O_CLOEXEC | O_NOCTTY;
a8a561
+static const int kRequiredOpenFlags = O_NOCTTY;
a8a561
 
a8a561
 // Linux originally assigned a flag bit to O_SYNC but implemented the
a8a561
 // semantics standardized as O_DSYNC; later, that bit was renamed and
a8a561
@@ -212,7 +212,7 @@ static const int kRequiredOpenFlags = O_
a8a561
 static const int kAllowedOpenFlags =
a8a561
   O_APPEND | O_ASYNC | O_DIRECT | O_DIRECTORY | O_EXCL | O_LARGEFILE
a8a561
   | O_NOATIME | O_NOCTTY | O_NOFOLLOW | O_NONBLOCK | O_NDELAY | O_SYNC_NEW
a8a561
-  | O_TRUNC | O_CLOEXEC | O_CREAT;
a8a561
+  | O_TRUNC | O_CREAT;
a8a561
 #undef O_SYNC_NEW
a8a561
 
a8a561
 static bool
a8a561
@@ -358,6 +358,7 @@ SandboxBroker::ThreadMain(void)
a8a561
           // new ones).
a8a561
           openedFd = open(pathBuf, req.mFlags | kRequiredOpenFlags, 0600);
a8a561
           if (openedFd >= 0) {
a8a561
+            fcntl(openedFd, F_SETFD, fcntl(openedFd, F_GETFD, 0) | FD_CLOEXEC);
a8a561
             resp.mError = 0;
a8a561
           } else {
a8a561
             resp.mError = errno;
a8a561
diff -up mozilla-aurora/security/sandbox/linux/SandboxBrokerClient.cpp.build-sandbox mozilla-aurora/security/sandbox/linux/SandboxBrokerClient.cpp
a8a561
--- mozilla-aurora/security/sandbox/linux/SandboxBrokerClient.cpp.build-sandbox	2016-01-21 15:48:55.807532739 +0100
a8a561
+++ mozilla-aurora/security/sandbox/linux/SandboxBrokerClient.cpp	2016-01-21 15:49:26.163518779 +0100
a8a561
@@ -149,9 +149,10 @@ SandboxBrokerClient::Open(const char* aP
a8a561
   int maybeFd = DoCall(&req, aPath, nullptr, true);
a8a561
   if (maybeFd >= 0) {
a8a561
     // NSPR has opinions about file flags.  Fix O_CLOEXEC.
a8a561
-    if ((aFlags & O_CLOEXEC) == 0) {
a8a561
-      fcntl(maybeFd, F_SETFD, 0);
a8a561
-    }
a8a561
+    // O_CLOEXEC is not available in RHEL5
a8a561
+    //if ((aFlags & O_CLOEXEC) == 0) {
a8a561
+    //  fcntl(maybeFd, F_SETFD, 0);
a8a561
+    //}
a8a561
   }
a8a561
   return maybeFd;
a8a561
 }