summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2010-07-12 20:34:53 +0200
committerLennart Poettering <lennart@poettering.net>2010-07-12 20:34:53 +0200
commitfc9b2a84dcf70bdd3100cbcb84f2858dd5303d76 (patch)
tree2c8be1e774b3204bfcec5ae213140a34d6c5d419
parentab861dd00a0729fef64203dd2b9aac1f22047e36 (diff)
execute: close inherited fds earlier
-rw-r--r--src/execute.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/src/execute.c b/src/execute.c
index 6363719cde..5483b6949e 100644
--- a/src/execute.c
+++ b/src/execute.c
@@ -968,6 +968,14 @@ int exec_spawn(ExecCommand *command,
goto fail;
}
+ /* Close sockets very early to make sure we don' block
+ * init reexecution because it cannot bind its sockets
+ * or so */
+ if (close_all_fds(fds, n_fds) < 0) {
+ r = EXIT_FDS;
+ goto fail;
+ }
+
if (!context->same_pgrp)
if (setsid() < 0) {
r = EXIT_SETSID;
@@ -1111,16 +1119,6 @@ int exec_spawn(ExecCommand *command,
#ifdef HAVE_PAM
if (context->pam_name && username) {
- /* Make sure no fds leak into the PAM
- * supervisor process. We will call this later
- * on again to make sure that any fds leaked
- * by the PAM modules get closed before our
- * exec(). */
- if (close_all_fds(fds, n_fds) < 0) {
- r = EXIT_FDS;
- goto fail;
- }
-
if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) {
r = EXIT_PAM;
goto fail;
@@ -1180,6 +1178,8 @@ int exec_spawn(ExecCommand *command,
free(d);
}
+ /* We repeat the fd closing here, to make sure that
+ * nothing is leaked from the PAM modules */
if (close_all_fds(fds, n_fds) < 0 ||
shift_fds(fds, n_fds) < 0 ||
flags_fds(fds, n_fds, context->non_blocking) < 0) {