diff options
author | Lennart Poettering <lennart@poettering.net> | 2010-07-12 20:34:53 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2010-07-12 20:34:53 +0200 |
commit | fc9b2a84dcf70bdd3100cbcb84f2858dd5303d76 (patch) | |
tree | 2c8be1e774b3204bfcec5ae213140a34d6c5d419 | |
parent | ab861dd00a0729fef64203dd2b9aac1f22047e36 (diff) |
execute: close inherited fds earlier
-rw-r--r-- | src/execute.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/src/execute.c b/src/execute.c index 6363719cde..5483b6949e 100644 --- a/src/execute.c +++ b/src/execute.c @@ -968,6 +968,14 @@ int exec_spawn(ExecCommand *command, goto fail; } + /* Close sockets very early to make sure we don' block + * init reexecution because it cannot bind its sockets + * or so */ + if (close_all_fds(fds, n_fds) < 0) { + r = EXIT_FDS; + goto fail; + } + if (!context->same_pgrp) if (setsid() < 0) { r = EXIT_SETSID; @@ -1111,16 +1119,6 @@ int exec_spawn(ExecCommand *command, #ifdef HAVE_PAM if (context->pam_name && username) { - /* Make sure no fds leak into the PAM - * supervisor process. We will call this later - * on again to make sure that any fds leaked - * by the PAM modules get closed before our - * exec(). */ - if (close_all_fds(fds, n_fds) < 0) { - r = EXIT_FDS; - goto fail; - } - if (setup_pam(context->pam_name, username, context->tty_path, &pam_env, fds, n_fds) < 0) { r = EXIT_PAM; goto fail; @@ -1180,6 +1178,8 @@ int exec_spawn(ExecCommand *command, free(d); } + /* We repeat the fd closing here, to make sure that + * nothing is leaked from the PAM modules */ if (close_all_fds(fds, n_fds) < 0 || shift_fds(fds, n_fds) < 0 || flags_fds(fds, n_fds, context->non_blocking) < 0) { |