From d7bd21baf58538b76cb47ac974894cab2b411589 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Fri, 1 Sep 2017 18:31:21 -0400 Subject: Make lock file descriptors close-on-exec. --- debian/changelog | 1 + src/Propellor/Engine.hs | 1 + 2 files changed, 2 insertions(+) diff --git a/debian/changelog b/debian/changelog index c7cfb81a..f254b5a6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,7 @@ propellor (4.8.0) UNRELEASED; urgency=medium image. * Borg: Fix broken shell escaping in borg cron job. * Attic: Fix broken shell escaping in attic cron job. + * Make lock file descriptors close-on-exec. -- Joey Hess Thu, 24 Aug 2017 11:00:19 -0400 diff --git a/src/Propellor/Engine.hs b/src/Propellor/Engine.hs index f54da929..b4dc66ce 100644 --- a/src/Propellor/Engine.hs +++ b/src/Propellor/Engine.hs @@ -97,6 +97,7 @@ onlyProcess lockfile a = bracket lock unlock (const a) lock = do createDirectoryIfMissing True (takeDirectory lockfile) l <- createFile lockfile stdFileMode + setFdOption l CloseOnExec True setLock l (WriteLock, AbsoluteSeek, 0, 0) `catchIO` const alreadyrunning return l -- cgit v1.2.3