From dd4540da0e1f983540d862cc657df7161a3bdd06 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 30 Oct 2014 17:05:25 +0100
Subject: CODING_STYLE: clarify that we really should use O_CLOEXEC everywhere

---
 CODING_STYLE | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CODING_STYLE b/CODING_STYLE
index 4439ee6099..0b1f809e79 100644
--- a/CODING_STYLE
+++ b/CODING_STYLE
@@ -190,3 +190,8 @@
 - Do not write functions that clobber call-by-reference variables on
   failure. Use temporary variables for these cases and change the
   passed in variables only on success.
+
+- When you allocate a file descriptor, it should be made O_CLOEXEC
+  right from the beginning, as none of our files should leak to forked
+  binaries by default. Hence, whenever you open a file, O_CLOEXEC must
+  be specified, right from the beginning.
-- 
cgit v1.2.3-54-g00ecf