tree-wide: use FORK_RLIMIT_NOFILE_SAFE wherever possible

Similar to the previous commit: in many cases no further fd processing needs to be done in forked of children before execve() or any of its flavours are called. In those case we can use FORK_RLIMIT_NOFILE_SAFE instead.
2018-11-26 16:11:45 +01:00 · 2018-11-26 16:11:45 +01:00 · 0672e2c6f8
parent 595225af7a
commit 0672e2c6f8
11 changed files with 15 additions and 15 deletions
--- a/src/activate/activate.c
+++ b/src/activate/activate.c
@ -249,7 +249,7 @@ static int fork_and_exec_process(const char* child, char** argv, char **env, int
        if (!joined)
                return log_oom();

-        r = safe_fork("(activate)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &child_pid);
+        r = safe_fork("(activate)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &child_pid);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/coredump/coredumpctl.c
+++ b/src/coredump/coredumpctl.c
@ -968,7 +968,7 @@ static int run_debug(int argc, char **argv, void *userdata) {

        fork_name = strjoina("(", arg_debugger, ")");

-        r = safe_fork(fork_name, FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+        r = safe_fork(fork_name, FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
        if (r < 0)
                goto finish;
        if (r == 0) {
--- a/src/delta/delta.c
+++ b/src/delta/delta.c
@ -169,7 +169,7 @@ static int found_override(const char *top, const char *bottom) {

        fflush(stdout);

-        r = safe_fork("(diff)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+        r = safe_fork("(diff)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/login/inhibit.c
+++ b/src/login/inhibit.c
@ -303,7 +303,7 @@ static int run(int argc, char *argv[]) {
                if (fd < 0)
                        return log_error_errno(fd, "Failed to inhibit: %s", bus_error_message(&error, fd));

-                r = safe_fork("(inhibit)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+                r = safe_fork("(inhibit)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
                if (r < 0)
                        return r;
                if (r == 0) {
--- a/src/partition/makefs.c
+++ b/src/partition/makefs.c
@ -28,7 +28,7 @@ static int makefs(const char *type, const char *device) {
        if (access(mkfs, X_OK) != 0)
                return log_error_errno(errno, "%s is not executable: %m", mkfs);

-        r = safe_fork("(fsck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+        r = safe_fork("(fsck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/quotacheck/quotacheck.c
+++ b/src/quotacheck/quotacheck.c
@ -78,7 +78,7 @@ static int run(int argc, char *argv[]) {
                        return 0;
        }

-        r = safe_fork("(quotacheck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
+        r = safe_fork("(quotacheck)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_WAIT|FORK_LOG, NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/remount-fs/remount-fs.c
+++ b/src/remount-fs/remount-fs.c
@ -62,7 +62,7 @@ static int run(int argc, char *argv[]) {

                log_debug("Remounting %s", me->mnt_dir);

-                r = safe_fork("(remount)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+                r = safe_fork("(remount)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
                if (r < 0)
                        return r;
                if (r == 0) {
--- a/src/shared/pager.c
+++ b/src/shared/pager.c
@ -132,7 +132,7 @@ int pager_open(PagerFlags flags) {
        if (flags & PAGER_JUMP_TO_END)
                less_opts = strjoina(less_opts, " +G");

-        r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pager_pid);
+        r = safe_fork("(pager)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pager_pid);
        if (r < 0)
                return r;
        if (r == 0) {
@ -257,7 +257,7 @@ int show_man_page(const char *desc, bool null_stdio) {
        } else
                args[1] = desc;

-        r = safe_fork("(man)", FORK_RESET_SIGNALS|FORK_DEATHSIG|(null_stdio ? FORK_NULL_STDIO : 0)|FORK_LOG, &pid);
+        r = safe_fork("(man)", FORK_RESET_SIGNALS|FORK_DEATHSIG|(null_stdio ? FORK_NULL_STDIO : 0)|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/sulogin-shell/sulogin-shell.c
+++ b/src/sulogin-shell/sulogin-shell.c
@ -69,7 +69,7 @@ static int fork_wait(const char* const cmdline[]) {
        pid_t pid;
        int r;

-        r = safe_fork("(sulogin)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+        r = safe_fork("(sulogin)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/systemctl/systemctl.c
+++ b/src/systemctl/systemctl.c
@ -3532,7 +3532,7 @@ static int load_kexec_kernel(void) {
        if (arg_dry_run)
                return 0;

-        r = safe_fork("(kexec)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+        r = safe_fork("(kexec)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
@ -6005,7 +6005,7 @@ static int enable_sysv_units(const char *verb, char **args) {
                if (!arg_quiet)
                        log_info("Executing: %s", l);

-                j = safe_fork("(sysv-install)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
+                j = safe_fork("(sysv-install)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
                if (j < 0)
                        return j;
                if (j == 0) {
@ -6900,7 +6900,7 @@ static int run_editor(char **paths) {

        assert(paths);

-        r = safe_fork("(editor)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_WAIT, NULL);
+        r = safe_fork("(editor)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG|FORK_WAIT, NULL);
        if (r < 0)
                return r;
        if (r == 0) {
--- a/src/vconsole/vconsole-setup.c
+++ b/src/vconsole/vconsole-setup.c
@ -149,7 +149,7 @@ static int keyboard_load_and_wait(const char *vc, const char *map, const char *m
                log_debug("Executing \"%s\"...", strnull(cmd));
        }

-        r = safe_fork("(loadkeys)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+        r = safe_fork("(loadkeys)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {
@ -192,7 +192,7 @@ static int font_load_and_wait(const char *vc, const char *font, const char *map,
                log_debug("Executing \"%s\"...", strnull(cmd));
        }

-        r = safe_fork("(setfont)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_LOG, &pid);
+        r = safe_fork("(setfont)", FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
        if (r < 0)
                return r;
        if (r == 0) {