From 0c2aedb451c9da0d997e46c84d399c80d7fcb61d Mon Sep 17 00:00:00 2001
From: Yu Watanabe <watanabe.yu+github@gmail.com>
Date: Tue, 7 Feb 2023 18:55:39 +0900
Subject: tree-wide: use FORK_REARRANGE_STDIO and FORK_CLOSE_ALL_FDS

---
 src/nspawn/nspawn-setuid.c | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

(limited to 'src/nspawn')

diff --git a/src/nspawn/nspawn-setuid.c b/src/nspawn/nspawn-setuid.c
index 5772d96b2f..3c12648b9d 100644
--- a/src/nspawn/nspawn-setuid.c
+++ b/src/nspawn/nspawn-setuid.c
@@ -28,23 +28,17 @@ static int spawn_getent(const char *database, const char *key, pid_t *rpid) {
         if (pipe2(pipe_fds, O_CLOEXEC) < 0)
                 return log_error_errno(errno, "Failed to allocate pipe: %m");
 
-        r = safe_fork("(getent)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE, &pid);
+        r = safe_fork_full("(getent)",
+                           (int[]) { -EBADF, pipe_fds[1], -EBADF }, NULL, 0,
+                           FORK_RESET_SIGNALS|FORK_CLOSE_ALL_FDS|FORK_DEATHSIG|FORK_REARRANGE_STDIO|FORK_LOG|FORK_RLIMIT_NOFILE_SAFE,
+                           &pid);
         if (r < 0) {
                 safe_close_pair(pipe_fds);
                 return r;
         }
         if (r == 0) {
-                char *empty_env = NULL;
-
-                pipe_fds[0] = safe_close(pipe_fds[0]);
-
-                if (rearrange_stdio(-EBADF, TAKE_FD(pipe_fds[1]), -EBADF) < 0)
-                        _exit(EXIT_FAILURE);
-
-                (void) close_all_fds(NULL, 0);
-
-                execle("/usr/bin/getent", "getent", database, key, NULL, &empty_env);
-                execle("/bin/getent", "getent", database, key, NULL, &empty_env);
+                execle("/usr/bin/getent", "getent", database, key, NULL, &(char*[1]){});
+                execle("/bin/getent", "getent", database, key, NULL, &(char*[1]){});
                 _exit(EXIT_FAILURE);
         }
 
-- 
cgit v1.2.1