Use O_CLOEXEC in most places

Eelco Dolstra 2016-06-09 16:15:58 +02:00
parent 9bdd949cfd
commit 202683a4fc
9 changed files with 23 additions and 19 deletions


@ -80,7 +80,7 @@ static char buf[1024];]],
AC_LANG_POP(C++) AC_LANG_POP(C++)
AC_CHECK_FUNCS([statvfs]) AC_CHECK_FUNCS([statvfs pipe2])
# Check for lutimes, optionally used for changing the mtime of # Check for lutimes, optionally used for changing the mtime of


@ -509,10 +509,9 @@ void UserLock::acquire()
/* We already have a lock on this one. */ /* We already have a lock on this one. */
continue; continue;
AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT, 0600); AutoCloseFD fd = open(fnUserLock.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600);
if (fd == -1) if (fd == -1)
throw SysError(format("opening user lock %1%") % fnUserLock); throw SysError(format("opening user lock %1%") % fnUserLock);
closeOnExec(fd);
if (lockFile(fd, ltWrite, false)) { if (lockFile(fd, ltWrite, false)) {
fdUserLock = fd.borrow(); fdUserLock = fd.borrow();


@ -33,10 +33,9 @@ int LocalStore::openGCLock(LockType lockType)
debug(format("acquiring global GC lock %1%") % fnGCLock); debug(format("acquiring global GC lock %1%") % fnGCLock);
AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT, 0600); AutoCloseFD fdGCLock = open(fnGCLock.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600);
if (fdGCLock == -1) if (fdGCLock == -1)
throw SysError(format("opening global GC lock %1%") % fnGCLock); throw SysError(format("opening global GC lock %1%") % fnGCLock);
closeOnExec(fdGCLock);
if (!lockFile(fdGCLock, lockType, false)) { if (!lockFile(fdGCLock, lockType, false)) {
printMsg(lvlError, format("waiting for the big garbage collector lock...")); printMsg(lvlError, format("waiting for the big garbage collector lock..."));
@ -211,7 +210,7 @@ void LocalStore::readTempRoots(PathSet & tempRoots, FDs & fds)
Path path = (format("%1%/%2%/%3%") % stateDir % tempRootsDir % i.name).str(); Path path = (format("%1%/%2%/%3%") % stateDir % tempRootsDir % i.name).str();
debug(format("reading temporary root file %1%") % path); debug(format("reading temporary root file %1%") % path);
FDPtr fd(new AutoCloseFD(open(path.c_str(), O_RDWR, 0666))); FDPtr fd(new AutoCloseFD(open(path.c_str(), O_CLOEXEC | O_RDWR, 0666)));
if (*fd == -1) { if (*fd == -1) {
/* It's okay if the file has disappeared. */ /* It's okay if the file has disappeared. */
if (errno == ENOENT) continue; if (errno == ENOENT) continue;


@ -117,7 +117,7 @@ LocalStore::LocalStore(const Params & params)
if (stat(reservedPath.c_str(), &st) == -1 || if (stat(reservedPath.c_str(), &st) == -1 ||
st.st_size != settings.reservedSize) st.st_size != settings.reservedSize)
{ {
AutoCloseFD fd = open(reservedPath.c_str(), O_WRONLY | O_CREAT, 0600); AutoCloseFD fd = open(reservedPath.c_str(), O_WRONLY | O_CREAT | O_CLOEXEC, 0600);
int res = -1; int res = -1;
#if HAVE_POSIX_FALLOCATE #if HAVE_POSIX_FALLOCATE
res = posix_fallocate(fd, 0, settings.reservedSize); res = posix_fallocate(fd, 0, settings.reservedSize);
@ -1245,7 +1245,7 @@ static void makeMutable(const Path & path)
/* The O_NOFOLLOW is important to prevent us from changing the /* The O_NOFOLLOW is important to prevent us from changing the
mutable bit on the target of a symlink (which would be a mutable bit on the target of a symlink (which would be a
security hole). */ security hole). */
AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW); AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
if (fd == -1) { if (fd == -1) {
if (errno == ELOOP) return; // it's a symlink if (errno == ELOOP) return; // it's a symlink
throw SysError(format("opening file %1%") % path); throw SysError(format("opening file %1%") % path);
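Review bot: In the LocalStore constructor hunk, the descriptor returned by `open(reservedPath.c_str(), O_WRONLY | O_CREAT | O_CLOEXEC, 0600)` is handed to `posix_fallocate` with no `fd == -1` check in the visible lines, whereas the other open() calls touched by this commit throw SysError on failure. If failing to create the reserved-space file is meant to be tolerated, a short comment saying so would help the next reader; otherwise add `if (fd == -1) throw SysError(format("opening file %1%") % reservedPath);` directly after the open. The constructor body continues outside the hunk, so a later check may exist that is not visible here.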


@ -16,12 +16,10 @@ int openLockFile(const Path & path, bool create)
{ {
AutoCloseFD fd; AutoCloseFD fd;
fd = open(path.c_str(), O_RDWR | (create ? O_CREAT : 0), 0600); fd = open(path.c_str(), O_CLOEXEC | O_RDWR | (create ? O_CREAT : 0), 0600);
if (fd == -1 && (create || errno != ENOENT)) if (fd == -1 && (create || errno != ENOENT))
throw SysError(format("opening lock file %1%") % path); throw SysError(format("opening lock file %1%") % path);
closeOnExec(fd);
return fd.borrow(); return fd.borrow();
} }


@ -61,7 +61,11 @@ ref<RemoteStore::Connection> RemoteStore::openConnection()
auto conn = make_ref<Connection>(); auto conn = make_ref<Connection>();
/* Connect to a daemon that does the privileged work for us. */ /* Connect to a daemon that does the privileged work for us. */
conn->fd = socket(PF_UNIX, SOCK_STREAM, 0); conn->fd = socket(PF_UNIX, SOCK_STREAM
#ifdef SOCK_CLOEXEC
| SOCK_CLOEXEC
#endif
, 0);
if (conn->fd == -1) if (conn->fd == -1)
throw SysError("cannot create Unix domain socket"); throw SysError("cannot create Unix domain socket");
closeOnExec(conn->fd); closeOnExec(conn->fd);
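Review bot: The `closeOnExec(conn->fd)` call kept after the new `socket(... | SOCK_CLOEXEC ...)` only matters on platforms where SOCK_CLOEXEC is not defined, and there the flag is set in a second step, so a fork+exec from another thread between the two calls can still hand the daemon socket to a child process. The same applies to the `#else` branch of `Pipe::create()`, where `pipe(fds)` is followed by `closeOnExec(fds[0])` and `closeOnExec(fds[1])`. I would document this above both fallbacks, e.g. `/* Fallback for platforms without SOCK_CLOEXEC; not atomic, so a concurrent fork/exec can still inherit the fd. */`. openConnection's body continues outside the hunk.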


@ -41,7 +41,7 @@ static void dumpContents(const Path & path, size_t size,
{ {
sink << "contents" << size; sink << "contents" << size;
AutoCloseFD fd = open(path.c_str(), O_RDONLY); AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
if (fd == -1) throw SysError(format("opening file %1%") % path); if (fd == -1) throw SysError(format("opening file %1%") % path);
unsigned char buf[65536]; unsigned char buf[65536];
@ -304,7 +304,7 @@ struct RestoreSink : ParseSink
{ {
Path p = dstPath + path; Path p = dstPath + path;
fd.close(); fd.close();
fd = open(p.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0666); fd = open(p.c_str(), O_CREAT | O_EXCL | O_WRONLY | O_CLOEXEC, 0666);
if (fd == -1) throw SysError(format("creating file %1%") % p); if (fd == -1) throw SysError(format("creating file %1%") % p);
} }


@ -254,7 +254,7 @@ Hash hashFile(HashType ht, const Path & path)
Hash hash(ht); Hash hash(ht);
start(ht, ctx); start(ht, ctx);
AutoCloseFD fd = open(path.c_str(), O_RDONLY); AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
if (fd == -1) throw SysError(format("opening file %1%") % path); if (fd == -1) throw SysError(format("opening file %1%") % path);
unsigned char buf[8192]; unsigned char buf[8192];


@ -273,7 +273,7 @@ string readFile(int fd)
string readFile(const Path & path, bool drain) string readFile(const Path & path, bool drain)
{ {
AutoCloseFD fd = open(path.c_str(), O_RDONLY); AutoCloseFD fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
if (fd == -1) if (fd == -1)
throw SysError(format("opening file %1%") % path); throw SysError(format("opening file %1%") % path);
return drain ? drainFD(fd) : readFile(fd); return drain ? drainFD(fd) : readFile(fd);
@ -282,7 +282,7 @@ string readFile(const Path & path, bool drain)
void writeFile(const Path & path, const string & s) void writeFile(const Path & path, const string & s)
{ {
AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT, 0666); AutoCloseFD fd = open(path.c_str(), O_WRONLY | O_TRUNC | O_CREAT | O_CLOEXEC, 0666);
if (fd == -1) if (fd == -1)
throw SysError(format("opening file %1%") % path); throw SysError(format("opening file %1%") % path);
writeFull(fd, s); writeFull(fd, s);
@ -633,11 +633,15 @@ int AutoCloseFD::borrow()
void Pipe::create() void Pipe::create()
{ {
int fds[2]; int fds[2];
#if HAVE_PIPE2
if (pipe2(fds, O_CLOEXEC) != 0) throw SysError("creating pipe");
#else
if (pipe(fds) != 0) throw SysError("creating pipe"); if (pipe(fds) != 0) throw SysError("creating pipe");
closeOnExec(fds[0]);
closeOnExec(fds[1]);
#endif
readSide = fds[0]; readSide = fds[0];
writeSide = fds[1]; writeSide = fds[1];
closeOnExec(readSide);
closeOnExec(writeSide);
} }