diff options
author | Andy Pan <panjf2000@gmail.com> | 2021-01-20 04:57:30 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-01-19 22:57:30 +0200 |
commit | fb66e2e24943018961321d13e46ee2ab66de882a (patch) | |
tree | 04075a8d909bc1eba249ecb1aaf1b4705fc84823 /src/ae_evport.c | |
parent | aaf71b380ed5ef8d5d63f8a60733c35202c5b838 (diff) | |
download | redis-fb66e2e24943018961321d13e46ee2ab66de882a.tar.gz |
Use FD_CLOEXEC in Sentinel, so that FDs don't leak to the scripts it runs (#8242)
Sentinel uses execve to run scripts, so it needs to use FD_CLOEXEC
on all file descriptors, so that they're not accessible by the script it runs.
This commit includes a change to the sentinel tests, which verifies no
FDs are left opened when the script is executed.
Diffstat (limited to 'src/ae_evport.c')
-rw-r--r-- | src/ae_evport.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/ae_evport.c b/src/ae_evport.c index 4e254b602..7a0b03aea 100644 --- a/src/ae_evport.c +++ b/src/ae_evport.c @@ -82,6 +82,7 @@ static int aeApiCreate(aeEventLoop *eventLoop) { zfree(state); return -1; } + anetCloexec(state->portfd); state->npending = 0; |