[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-changelog] [xen-unstable] [LIBXC] Set close-on-exec on the privcmd fd in libxc.



# HG changeset patch
# User kfraser@xxxxxxxxxxxxxxxxxxxxx
# Node ID 59adc1f7dfca2e3182289fa2d422ddf1810016e9
# Parent  f437295526037a468bbd2659935ab7935262a99e
[LIBXC] Set close-on-exec on the privcmd fd in libxc.
Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
---
 tools/libxc/xc_linux.c |   30 ++++++++++++++++++++++++++++++
 1 files changed, 30 insertions(+)

diff -r f43729552603 -r 59adc1f7dfca tools/libxc/xc_linux.c
--- a/tools/libxc/xc_linux.c    Tue Aug 15 16:21:12 2006 +0100
+++ b/tools/libxc/xc_linux.c    Tue Aug 15 16:25:04 2006 +0100
@@ -13,13 +13,43 @@
 
 #include <xen/memory.h>
 #include <xen/sys/evtchn.h>
+#include <unistd.h>
+#include <fcntl.h>
 
 int xc_interface_open(void)
 {
+    int flags, saved_errno;
     int fd = open("/proc/xen/privcmd", O_RDWR);
+
     if ( fd == -1 )
+    {
         PERROR("Could not obtain handle on privileged command interface");
+        return -1;
+    }
+
+    /* Although we return the file handle as the 'xc handle' the API
+       does not specify / guarentee that this integer is in fact
+       a file handle. Thus we must take responsiblity to ensure
+       it doesn't propagate (ie leak) outside the process */
+    if ( (flags = fcntl(fd, F_GETFD)) < 0 )
+    {
+        PERROR("Could not get file handle flags");
+        goto error;
+    }
+    flags |= FD_CLOEXEC;
+    if ( fcntl(fd, F_SETFD, flags) < 0 )
+    {
+        PERROR("Could not set file handle flags");
+        goto error;
+    }
+
     return fd;
+
+ error:
+    saved_errno = errno;
+    close(fd);
+    errno = saved_errno;
+    return -1;
 }
 
 int xc_interface_close(int xc_handle)

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.