diff options
| author |  smitsohu <smitsohu@gmail.com> | 2021-05-16 15:48:14 +0200 |
|---|---|---|
| committer | smitsohu <smitsohu@gmail.com> | 2021-05-16 15:48:14 +0200 |
| commit | 825ac9cdc38c4285584e69d6f29102b149914dfe (patch) | |
| tree | fd65f17f166a535f9a619c044022a3b933cc5f0c /src/firejail/network.c | |
| parent | Update disable-common.inc (diff) | |
| download | firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.gz firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.tar.zst firejail-825ac9cdc38c4285584e69d6f29102b149914dfe.zip | |
open files O_CLOEXEC|O_EXCL
Dumb patch that adds O_CLOEXEC to all open/fopen
calls, even where it is obviously pointless.
While at it, also add O_EXCL where it might be
considered useful, for example to clear Coverity
warnings, or on files that subsequently are used
to configure a join sandbox.
Pure defense in depth, this patch should have no
observable effects.
Diffstat (limited to 'src/firejail/network.c')
| -rw-r--r-- | src/firejail/network.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/firejail/network.c b/src/firejail/network.c index f7142cefd..289e164c6 100644 --- a/src/firejail/network.c +++ b/src/firejail/network.c | |||
| @@ -217,7 +217,7 @@ int net_add_route(uint32_t ip, uint32_t mask, uint32_t gw) { | |||
| 217 | 217 | ||
| 218 | #define BUFSIZE 1024 | 218 | #define BUFSIZE 1024 |
| 219 | uint32_t network_get_defaultgw(void) { | 219 | uint32_t network_get_defaultgw(void) { |
| 220 | FILE *fp = fopen("/proc/self/net/route", "r"); | 220 | FILE *fp = fopen("/proc/self/net/route", "re"); |
| 221 | if (!fp) | 221 | if (!fp) |
| 222 | errExit("fopen"); | 222 | errExit("fopen"); |
| 223 | 223 | ||