Use FD_CLOEXEC in Sentinel, so that FDs don't leak to the scripts it runs (#8242)

Sentinel uses execve to run scripts, so it needs to use FD_CLOEXEC on all file descriptors, so that they're not accessible by the script it runs. This commit includes a change to the sentinel tests, which verifies no FDs are left opened when the script is executed.
author: Andy Pan <panjf2000@gmail.com> 2021-01-20 04:57:30 +0800
committer: GitHub <noreply@github.com> 2021-01-19 22:57:30 +0200
commit: fb66e2e24943018961321d13e46ee2ab66de882a (patch)
tree: 04075a8d909bc1eba249ecb1aaf1b4705fc84823 /src/sentinel.c
parent: aaf71b380ed5ef8d5d63f8a60733c35202c5b838 (diff)
download: redis-fb66e2e24943018961321d13e46ee2ab66de882a.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/src/sentinel.c b/src/sentinel.c
index 089282b71..26c129385 100644
--- a/src/sentinel.c
+++ b/src/sentinel.c
@@ -2135,6 +2135,7 @@ void sentinelReconnectInstance(sentinelRedisInstance *ri) {
                 link->cc->errstr);
             instanceLinkCloseConnection(link,link->cc);
         } else {
+            anetCloexec(link->cc->c.fd);
             link->pending_commands = 0;
             link->cc_conn_time = mstime();
             link->cc->data = link;
@@ -2162,7 +2163,7 @@ void sentinelReconnectInstance(sentinelRedisInstance *ri) {
             instanceLinkCloseConnection(link,link->pc);
         } else {
             int retval;
-
+            anetCloexec(link->pc->c.fd);
             link->pc_conn_time = mstime();
             link->pc->data = link;
             redisAeAttach(server.el,link->pc);
author	Andy Pan <panjf2000@gmail.com>	2021-01-20 04:57:30 +0800
committer	GitHub <noreply@github.com>	2021-01-19 22:57:30 +0200
commit	fb66e2e24943018961321d13e46ee2ab66de882a (patch)
tree	04075a8d909bc1eba249ecb1aaf1b4705fc84823 /src/sentinel.c
parent	aaf71b380ed5ef8d5d63f8a60733c35202c5b838 (diff)
download	redis-fb66e2e24943018961321d13e46ee2ab66de882a.tar.gz