From 33df919d5c4de51b88244d2e82ffe5c9c8abe950 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 14 Jul 2016 13:12:01 +0200
Subject: execute: make sure JoinsNamespaceOf= doesn't leak ns fds to executed
 processes

---
 src/core/execute.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/core')

diff --git a/src/core/execute.c b/src/core/execute.c
index 40466ad53c..7c178b97c3 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -3062,7 +3062,7 @@ int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
                 return r;
 
         if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
-                if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
+                if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, (*rt)->netns_storage_socket) < 0)
                         return -errno;
         }
 
-- 
cgit v1.2.3-54-g00ecf