Use O_CLOEXEC in most places
parent
9bdd949cfd
commit
202683a4fc
9 changed files with 23 additions and 19 deletions
|
@ -80,7 +80,7 @@ static char buf[1024];]],
|
||||||
AC_LANG_POP(C++)
|
AC_LANG_POP(C++)
|
||||||
|
|
||||||
|
|
||||||
AC_CHECK_FUNCS([statvfs])
|
AC_CHECK_FUNCS([statvfs pipe2])
|
||||||
|
|
||||||
|
|
||||||
# Check for lutimes, optionally used for changing the mtime of
|
# Check for lutimes, optionally used for changing the mtime of
|
||||||
|
|
|
@ -509,10 +509,9 @@ void UserLock::acquire()
|
||||||
/* We already have a lock on this one. */
|
/* We already have a lock on this one. */
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT, 0600);
|
AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600);
|
||||||
if (fd == -1)
|
if (fd == -1)
|
||||||
throw SysError(format("opening user lock ‘%1%’") % fnUserLock);
|
throw SysError(format("opening user lock ‘%1%’") % fnUserLock);
|
||||||
closeOnExec(fd);
|
|
||||||
|
|
||||||
if (lockFile(fd, ltWrite, false)) {
|
if (lockFile(fd, ltWrite, false)) {
|
||||||
fdUserLock = fd.borrow();
|
fdUserLock = fd.borrow();
|
||||||
|
|
|
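Review bot: `O_CLOEXEC` is now passed unconditionally to `open()` in `UserLock::acquire()` and the `closeOnExec(fd)` fallback is removed, whereas the same commit guards `SOCK_CLOEXEC` with `#ifdef` and probes for `pipe2` in configure. The same applies to the other `open()` calls changed in this commit (`openGCLock`, `readTempRoots`, `openLockFile`, `makeMutable`, `hashFile`, `readFile`, `writeFile` and the archive code). If every supported platform defines `O_CLOEXEC`, a short comment or a configure-time check stating that requirement would make the asymmetry visibly deliberate; otherwise a build on a platform without the flag fails at these lines. The body of `UserLock::acquire()` starts and ends outside the hunk.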
@ -33,10 +33,9 @@ int LocalStore::openGCLock(LockType lockType)
|
||||||
|
|
||||||
debug(format("acquiring global GC lock ‘%1%’") % fnGCLock);
|
debug(format("acquiring global GC lock ‘%1%’") % fnGCLock);
|
||||||
|
|
||||||
AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT, 0600);
|
AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600);
|
||||||
if (fdGCLock == -1)
|
if (fdGCLock == -1)
|
||||||
throw SysError(format("opening global GC lock ‘%1%’") % fnGCLock);
|
throw SysError(format("opening global GC lock ‘%1%’") % fnGCLock);
|
||||||
closeOnExec(fdGCLock);
|
|
||||||
|
|
||||||
if (!lockFile(fdGCLock, lockType, false)) {
|
if (!lockFile(fdGCLock, lockType, false)) {
|
||||||
printMsg(lvlError, format("waiting for the big garbage collector lock..."));
|
printMsg(lvlError, format("waiting for the big garbage collector lock..."));
|
||||||
|
@ -211,7 +210,7 @@ void LocalStore::readTempRoots(PathSet & tempRoots, FDs & fds)
|
||||||
Path path = (format("%1%/%2%/%3%") % stateDir % tempRootsDir % i.name).str();
|
Path path = (format("%1%/%2%/%3%") % stateDir % tempRootsDir % i.name).str();
|
||||||
|
|
||||||
debug(format("reading temporary root file ‘%1%’") % path);
|
debug(format("reading temporary root file ‘%1%’") % path);
|
||||||
FDPtr fd(new AutoCloseFD(open(path.c_str(), O_RDWR, 0666)));
|
FDPtr fd(new AutoCloseFD(open(path.c_str(), O_CLOEXEC | O_RDWR, 0666)));
|
||||||
if (*fd == -1) {
|
if (*fd == -1) {
|
||||||
/* It's okay if the file has disappeared. */
|
/* It's okay if the file has disappeared. */
|
||||||
if (errno == ENOENT) continue;
|
if (errno == ENOENT) continue;
|
||||||
|
|
|
@ -117,7 +117,7 @@ LocalStore::LocalStore(const Params & params)
|
||||||
if (stat(reservedPath.c_str(), &st) == -1 ||
|
if (stat(reservedPath.c_str(), &st) == -1 ||
|
||||||
st.st_size != settings.reservedSize)
|
st.st_size != settings.reservedSize)
|
||||||
{
|
{
|
||||||
AutoCloseFD fd = open(reservedPath.c_str(), O_WRONLY | O_CREAT, 0600);
|
AutoCloseFD fd = open(reservedPath.c_str(), O_WRONLY | O_CREAT | O_CLOEXEC, 0600);
|
||||||
int res = -1;
|
int res = -1;
|
||||||
#if HAVE_POSIX_FALLOCATE
|
#if HAVE_POSIX_FALLOCATE
|
||||||
res = posix_fallocate(fd, 0, settings.reservedSize);
|
res = posix_fallocate(fd, 0, settings.reservedSize);
|
||||||
|
@ -1245,7 +1245,7 @@ static void makeMutable(const Path & path)
|
||||||
/* The O_NOFOLLOW is important to prevent us from changing the
|
/* The O_NOFOLLOW is important to prevent us from changing the
|
||||||
mutable bit on the target of a symlink (which would be a
|
mutable bit on the target of a symlink (which would be a
|
||||||
security hole). */
|
security hole). */
|
||||||
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW);
|
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
|
||||||
if (fd == -1) {
|
if (fd == -1) {
|
||||||
if (errno == ELOOP) return; // it's a symlink
|
if (errno == ELOOP) return; // it's a symlink
|
||||||
throw SysError(format("opening file ‘%1%’") % path);
|
throw SysError(format("opening file ‘%1%’") % path);
|
||||||
|
|
|
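Review bot: The result of `open(reservedPath.c_str(), ...)` in the `LocalStore` constructor is handed to `posix_fallocate` without a `fd == -1` check, unlike every other `open()` touched by this commit. As far as the hunk shows, a failed open (for example on a read-only or full state directory) would carry on with an invalid descriptor, and the error would surface later or not at all. Consider `if (fd == -1) throw SysError(format("opening file ‘%1%’") % reservedPath);` directly after the open, or a comment saying the reserved file is best-effort if that is the intent. The constructor continues past the end of the hunk, so a later check may exist that is not visible here.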
@ -16,12 +16,10 @@ int openLockFile(const Path & path, bool create)
|
||||||
{
|
{
|
||||||
AutoCloseFD fd;
|
AutoCloseFD fd;
|
||||||
|
|
||||||
fd = open(path.c_str(), O_RDWR | (create ? O_CREAT : 0), 0600);
|
fd = open(path.c_str(), O_CLOEXEC | O_RDWR | (create ? O_CREAT : 0), 0600);
|
||||||
if (fd == -1 && (create || errno != ENOENT))
|
if (fd == -1 && (create || errno != ENOENT))
|
||||||
throw SysError(format("opening lock file ‘%1%’") % path);
|
throw SysError(format("opening lock file ‘%1%’") % path);
|
||||||
|
|
||||||
closeOnExec(fd);
|
|
||||||
|
|
||||||
return fd.borrow();
|
return fd.borrow();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -61,7 +61,11 @@ ref<RemoteStore::Connection> RemoteStore::openConnection()
|
||||||
auto conn = make_ref<Connection>();
|
auto conn = make_ref<Connection>();
|
||||||
|
|
||||||
/* Connect to a daemon that does the privileged work for us. */
|
/* Connect to a daemon that does the privileged work for us. */
|
||||||
conn->fd = socket(PF_UNIX, SOCK_STREAM, 0);
|
conn->fd = socket(PF_UNIX, SOCK_STREAM
|
||||||
|
#ifdef SOCK_CLOEXEC
|
||||||
|
| SOCK_CLOEXEC
|
||||||
|
#endif
|
||||||
|
, 0);
|
||||||
if (conn->fd == -1)
|
if (conn->fd == -1)
|
||||||
throw SysError("cannot create Unix domain socket");
|
throw SysError("cannot create Unix domain socket");
|
||||||
closeOnExec(conn->fd);
|
closeOnExec(conn->fd);
|
||||||
|
|
|
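Review bot: The `#ifdef SOCK_CLOEXEC` block sits in the middle of the `socket()` argument list in `RemoteStore::openConnection()`, which makes the call hard to read, and nothing explains why `closeOnExec(conn->fd)` is still kept below it. A comment above that call would record the reason, for example `/* Fallback for platforms without SOCK_CLOEXEC; there the flag is only set after socket() returns, so a concurrent fork+exec in another thread can still inherit the descriptor. */`. The function body continues outside the hunk.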
@ -41,7 +41,7 @@ static void dumpContents(const Path & path, size_t size,
|
||||||
{
|
{
|
||||||
sink << "contents" << size;
|
sink << "contents" << size;
|
||||||
|
|
||||||
AutoCloseFD fd = open(path.c_str(), O_RDONLY);
|
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
|
||||||
if (fd == -1) throw SysError(format("opening file ‘%1%’") % path);
|
if (fd == -1) throw SysError(format("opening file ‘%1%’") % path);
|
||||||
|
|
||||||
unsigned char buf[65536];
|
unsigned char buf[65536];
|
||||||
|
@ -304,7 +304,7 @@ struct RestoreSink : ParseSink
|
||||||
{
|
{
|
||||||
Path p = dstPath + path;
|
Path p = dstPath + path;
|
||||||
fd.close();
|
fd.close();
|
||||||
fd = open(p.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0666);
|
fd = open(p.c_str(), O_CREAT | O_EXCL | O_WRONLY | O_CLOEXEC, 0666);
|
||||||
if (fd == -1) throw SysError(format("creating file ‘%1%’") % p);
|
if (fd == -1) throw SysError(format("creating file ‘%1%’") % p);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -254,7 +254,7 @@ Hash hashFile(HashType ht, const Path & path)
|
||||||
Hash hash(ht);
|
Hash hash(ht);
|
||||||
start(ht, ctx);
|
start(ht, ctx);
|
||||||
|
|
||||||
AutoCloseFD fd = open(path.c_str(), O_RDONLY);
|
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
|
||||||
if (fd == -1) throw SysError(format("opening file ‘%1%’") % path);
|
if (fd == -1) throw SysError(format("opening file ‘%1%’") % path);
|
||||||
|
|
||||||
unsigned char buf[8192];
|
unsigned char buf[8192];
|
||||||
|
|
|
@ -273,7 +273,7 @@ string readFile(int fd)
|
||||||
|
|
||||||
string readFile(const Path & path, bool drain)
|
string readFile(const Path & path, bool drain)
|
||||||
{
|
{
|
||||||
AutoCloseFD fd = open(path.c_str(), O_RDONLY);
|
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
|
||||||
if (fd == -1)
|
if (fd == -1)
|
||||||
throw SysError(format("opening file ‘%1%’") % path);
|
throw SysError(format("opening file ‘%1%’") % path);
|
||||||
return drain ? drainFD(fd) : readFile(fd);
|
return drain ? drainFD(fd) : readFile(fd);
|
||||||
|
@ -282,7 +282,7 @@ string readFile(const Path & path, bool drain)
|
||||||
|
|
||||||
void writeFile(const Path & path, const string & s)
|
void writeFile(const Path & path, const string & s)
|
||||||
{
|
{
|
||||||
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT, 0666);
|
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
|
||||||
if (fd == -1)
|
if (fd == -1)
|
||||||
throw SysError(format("opening file ‘%1%’") % path);
|
throw SysError(format("opening file ‘%1%’") % path);
|
||||||
writeFull(fd, s);
|
writeFull(fd, s);
|
||||||
|
@ -633,11 +633,15 @@ int AutoCloseFD::borrow()
|
||||||
void Pipe::create()
|
void Pipe::create()
|
||||||
{
|
{
|
||||||
int fds[2];
|
int fds[2];
|
||||||
|
#if HAVE_PIPE2
|
||||||
|
if (pipe2(fds, O_CLOEXEC) != 0) throw SysError("creating pipe");
|
||||||
|
#else
|
||||||
if (pipe(fds) != 0) throw SysError("creating pipe");
|
if (pipe(fds) != 0) throw SysError("creating pipe");
|
||||||
|
closeOnExec(fds[0]);
|
||||||
|
closeOnExec(fds[1]);
|
||||||
|
#endif
|
||||||
readSide = fds[0];
|
readSide = fds[0];
|
||||||
writeSide = fds[1];
|
writeSide = fds[1];
|
||||||
closeOnExec(readSide);
|
|
||||||
closeOnExec(writeSide);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
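Review bot: In the `#else` branch of `Pipe::create()`, `closeOnExec(fds[0])` and `closeOnExec(fds[1])` now run before the descriptors are stored in `readSide` and `writeSide`, whereas the removed lines called `closeOnExec` on the members after the assignment. If `closeOnExec` can throw and the members close their descriptor on destruction (neither definition is in this hunk), a failure there leaves both raw descriptors open with no owner. Keeping the assignments first and putting `closeOnExec(readSide); closeOnExec(writeSide);` in a second `#if !HAVE_PIPE2` block after them would preserve the old ordering.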