[systemd-devel] Why do we must use the close_all_fds(3) function in some files?

David Herrmann dh.herrmann at gmail.com
Mon Jun 16 05:44:29 PDT 2014


Hi

On Mon, Jun 16, 2014 at 2:32 PM, Geunsik Lim <geunsik.lim at gmail.com> wrote:
> Hi all,
>
> Recently, I checked that there are some of the "close_all_fds" functions as
> follows.
> Why does Systemd run these functions? Why do these functions need Systemd's
> management?
>
> invain at u1204lgs:/sandbox/tizentvfolder/systemd$ grep -R "close_all_fds" ./*
> ./src/nspawn.c:                close_all_fds(NULL, 0);
> ./src/util.c:int close_all_fds(const int except[], unsigned n_except) {
> ./src/util.c:        close_all_fds(NULL, 0);
> ./src/main.c:                close_all_fds(NULL, 0);
> ./src/spawn-agent.c:                close_all_fds(NULL, 0);
> ./src/execute.c:                err = close_all_fds(socket_fd >= 0 ? &socket_fd : fds,
> ./src/execute.c:                err = close_all_fds(fds, n_fds);
> ./src/util.h:int close_all_fds(const int except[], unsigned n_except);

I didn't look for all occurrences, but usually this function is a
safety net: We set O_CLOEXEC on all FDs, therefore, on execve() they
get closed. However, in case we missed this somewhere, close_all_fds()
destroys those FDs for us. Furthermore, it also destroys any global
fds (stdin/stdout/...) in case we don't want to leak them into our
child.

Thanks
David
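
The safety-net behaviour described in the reply above, as an added example that is not part of the original message and is not systemd's implementation. The names `sweep_fds`, `fd_in_list` and `demo_sweep_in_child` are hypothetical, and the code assumes Linux with /proc mounted: a descriptor opened without O_CLOEXEC is swept in the forked child before it would exec, while a listed descriptor survives.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE /* dirfd() and O_CLOEXEC under strict -std= modes */
#endif
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

static int fd_in_list(int fd, const int except[], unsigned n_except) {
    for (unsigned i = 0; i < n_except; i++)
        if (except[i] == fd) return 1;
    return 0;
}

/* Simplified sweep (hypothetical helper): close every open fd not in except[]. */
int sweep_fds(const int except[], unsigned n_except) {
    DIR *d = opendir("/proc/self/fd");   /* assumption: /proc is mounted */
    if (!d) return -1;
    struct dirent *de;
    while ((de = readdir(d))) {
        if (de->d_name[0] == '.') continue;          /* skip "." and ".." */
        int fd = atoi(de->d_name);
        if (fd == dirfd(d) || fd_in_list(fd, except, n_except)) continue;
        close(fd);
    }
    closedir(d);
    return 0;
}

/* Returns 0 when, in the child, the leaked fd and stdin are gone and the kept fd survives. */
int demo_sweep_in_child(void) {
    int leaked = open("/dev/null", O_RDONLY);             /* O_CLOEXEC forgotten */
    int kept   = open("/dev/null", O_RDONLY | O_CLOEXEC); /* fd the child needs */
    if (leaked < 0 || kept < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                      /* child: sweep, then verify with fcntl() */
        int rc = sweep_fds(&kept, 1);
        if (rc == 0 && fcntl(leaked, F_GETFD) != -1) rc = 1;       /* leak survived */
        if (rc == 0 && fcntl(kept, F_GETFD) == -1) rc = 2;         /* wrongly closed */
        if (rc == 0 && fcntl(STDIN_FILENO, F_GETFD) != -1) rc = 3; /* stdin survived */
        _exit(rc < 0 ? 4 : rc);
    }
    int status = 0;
    waitpid(pid, &status, 0);
    close(leaked); close(kept);
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
int main(void) { return demo_sweep_in_child(); }
```

A non-zero return identifies which check failed in the child: 1 leaked fd still open, 2 kept fd closed, 3 stdin still open, 4 /proc unavailable.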

