Force O_CLOEXEC on the NETLINK socket

David Sommerseth · David Sommerseth · commit 1680cbeb40e7 · 2011-04-12T13:57:34.000+02:00
To avoid that the NETLINK socket is available to forked children, set the FD_CLOEXEC flag on the NETLINK socket. This also avoids SELinux from complaining on Fedora 14. For more information: https://bugzilla.redhat.com/show_bug.cgi?id=689843 Signed-off-by: David Sommerseth <davids@redhat.com>
diff --git a/python-ethtool/etherinfo.c b/python-ethtool/etherinfo.c
@@ -21,6 +21,7 @@
 #include <string.h>
 #include <sys/types.h>
 #include <unistd.h>
+#include <fcntl.h>
 #include <stdlib.h>
 #include <asm/types.h>
 #include <sys/socket.h>
@@ -382,6 +383,13 @@ int open_netlink(struct etherinfo_obj_data *data)
 	*data->nlc = nl_handle_alloc();
 	nl_connect(*data->nlc, NETLINK_ROUTE);
 	if( (*data->nlc != NULL) ) {
+		/* Force O_CLOEXEC flag on the NETLINK socket */
+		if( fcntl(nl_socket_get_fd(*data->nlc), F_SETFD, FD_CLOEXEC) == -1 ) {
+			fprintf(stderr,
+				"**WARNING** Failed to set O_CLOEXEC on NETLINK socket: %s\n",
+				strerror(errno));
+		}
+
 		/* Tag this object as an active user */
 		pthread_mutex_lock(&nlc_counter_mtx);
 		(*data->nlc_users)++;
