libselinux: add O_CLOEXEC

Makes libselinux safer and less likely to leak file descriptors when used as part of a multithreaded program. Signed-off-by: Nick Kralevich <nnk@google.com>
author: Nick Kralevich <nnk@google.com> 2016-12-11 09:30:16 -0800
committer: Stephen Smalley <sds@tycho.nsa.gov> 2017-04-12 14:51:41 -0400
commit: 64afa1aff1cd610d2493f780e2a44b551f668b84 (patch)
tree: e3fb6756f529cf4b15736955db8f6d74bfa6bcd1 /libselinux/src/compute_relabel.c
parent: 35af4592202cc4e7d7f605ce5d51dce5827cd55a (diff)
download: android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.gz
android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.bz2
android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/libselinux/src/compute_relabel.c b/libselinux/src/compute_relabel.c
index 4615aee4..49f77ef3 100644
--- a/libselinux/src/compute_relabel.c
+++ b/libselinux/src/compute_relabel.c
@@ -26,7 +26,7 @@ int security_compute_relabel_raw(const char * scon,
 	}
 
 	snprintf(path, sizeof path, "%s/relabel", selinux_mnt);
-	fd = open(path, O_RDWR);
+	fd = open(path, O_RDWR | O_CLOEXEC);
 	if (fd < 0)
 		return -1;
author	Nick Kralevich <nnk@google.com>	2016-12-11 09:30:16 -0800
committer	Stephen Smalley <sds@tycho.nsa.gov>	2017-04-12 14:51:41 -0400
commit	64afa1aff1cd610d2493f780e2a44b551f668b84 (patch)
tree	e3fb6756f529cf4b15736955db8f6d74bfa6bcd1 /libselinux/src/compute_relabel.c
parent	35af4592202cc4e7d7f605ce5d51dce5827cd55a (diff)
download	android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.gz android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.tar.bz2 android_external_selinux-64afa1aff1cd610d2493f780e2a44b551f668b84.zip