mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-27 13:37:30 +00:00
Use O_CLOEXEC in util packages
This prevents fd's from leaking to subprocesses.
This commit is contained in:
parent
0051db89a7
commit
7077bbd783
@ -23,7 +23,7 @@ import "golang.org/x/sys/unix"
|
|||||||
// Acquire acquires a lock on a file for the duration of the process. This method
|
// Acquire acquires a lock on a file for the duration of the process. This method
|
||||||
// is reentrant.
|
// is reentrant.
|
||||||
func Acquire(path string) error {
|
func Acquire(path string) error {
|
||||||
fd, err := unix.Open(path, unix.O_CREAT|unix.O_RDWR, 0600)
|
fd, err := unix.Open(path, unix.O_CREAT|unix.O_RDWR|unix.O_CLOEXEC, 0600)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -497,7 +497,7 @@ func ExclusiveOpenFailsOnDevice(pathname string) (bool, error) {
|
|||||||
klog.Errorf("Path %q is not referring to a device.", pathname)
|
klog.Errorf("Path %q is not referring to a device.", pathname)
|
||||||
return false, nil
|
return false, nil
|
||||||
}
|
}
|
||||||
fd, errno := unix.Open(pathname, unix.O_RDONLY|unix.O_EXCL, 0)
|
fd, errno := unix.Open(pathname, unix.O_RDONLY|unix.O_EXCL|unix.O_CLOEXEC, 0)
|
||||||
// If the device is in use, open will return an invalid fd.
|
// If the device is in use, open will return an invalid fd.
|
||||||
// When this happens, it is expected that Close will fail and throw an error.
|
// When this happens, it is expected that Close will fail and throw an error.
|
||||||
defer unix.Close(fd)
|
defer unix.Close(fd)
|
||||||
|
Loading…
Reference in New Issue
Block a user