[systemd-devel] Why do we must use the close_all_fds(3) function in some files?

Lennart Poettering lennart at poettering.net
Mon Jun 16 08:23:37 PDT 2014


On Mon, 16.06.14 14:44, David Herrmann (dh.herrmann at gmail.com) wrote:

> 
> Hi
> 
> On Mon, Jun 16, 2014 at 2:32 PM, Geunsik Lim <geunsik.lim at gmail.com> wrote:
> > Hi all,
> >
> > Recently, I checked that there are some "close_all_fds" calls, as
> > follows.
> > Why does Systemd run this function? Why do these functions need Systemd's
> > management?
> >
> > invain at u1204lgs:/sandbox/tizentvfolder/systemd$ grep -R "close_all_fds" ./*
> > ./src/nspawn.c:                close_all_fds(NULL, 0);
> > ./src/util.c:int close_all_fds(const int except[], unsigned n_except) {
> > ./src/util.c:        close_all_fds(NULL, 0);
> > ./src/main.c:                close_all_fds(NULL, 0);
> > ./src/spawn-agent.c:                close_all_fds(NULL, 0);
> > ./src/execute.c:                err = close_all_fds(socket_fd >= 0 ?
> > &socket_fd : fds,
> > ./src/execute.c:                err = close_all_fds(fds, n_fds);
> > ./src/util.h:int close_all_fds(const int except[], unsigned n_except);
> 
> I didn't look for all occurrences, but usually this function is a
> safety net: We set O_CLOEXEC on all FDs, therefore, on execve() they
> get closed. However, in case we missed this somewhere, close_all_fds()
> destroys those FDs for us. Furthermore, it also destroys any global
> fds (stdin/stdout/...) in case we don't want to leak them into our
> child.

Actually the three stdio fds (0, 1, 2) are explicitly excluded from what
close_all_fds() does.

Lennart

-- 
Lennart Poettering, Red Hat
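
The safety net described in this thread, as an added example that is not part of the original messages and is not systemd's implementation: a Linux-only sketch that walks /proc/self/fd and closes everything except stdio (0, 1, 2) and an explicit keep list. The names close_fds_except(), keep_fd() and fd_is_open() are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Returns 1 if fd is still open in this process. */
int fd_is_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

static int keep_fd(int fd, const int except[], unsigned n_except) {
        if (fd < 3)                              /* stdio (0, 1, 2) is never closed */
                return 1;
        for (unsigned i = 0; i < n_except; i++)
                if (except[i] == fd)
                        return 1;
        return 0;
}

/* Hypothetical sketch, not systemd's code: close every fd except stdio and
 * except[]. Returns the number of fds closed, or -errno. Needs /proc/self/fd. */
int close_fds_except(const int except[], unsigned n_except) {
        DIR *d = opendir("/proc/self/fd");
        struct dirent *de;
        int closed = 0;

        if (!d)
                return -errno;
        while ((de = readdir(d))) {
                char *end;
                long fd = strtol(de->d_name, &end, 10);

                if (end == de->d_name || *end)   /* skip "." and ".." */
                        continue;
                if (fd == dirfd(d) || keep_fd((int) fd, except, n_except))
                        continue;                /* never close the fd we iterate with */
                if (close((int) fd) == 0)
                        closed++;
        }
        closedir(d);
        return closed;
}

int main(void) {
        int leaked = open("/dev/null", O_RDONLY);   /* O_CLOEXEC forgotten */
        int wanted = open("/dev/null", O_RDONLY);   /* deliberately passed on */
        int n = close_fds_except(&wanted, 1);       /* in a child, before execve() */

        printf("closed=%d leaked_open=%d wanted_open=%d\n",
               n, fd_is_open(leaked), fd_is_open(wanted));
        return 0;
}
```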
