Enable close-on-exec flag when opening the tun device node.

When the close-on-exec flag is set, the file descriptor is automatically closed upon a successful exec. This keeps a child process--such as one started using system()--from inheriting the file descriptor. Signed-off-by: Tom Carroll <[email protected]>
openziti · May 6, 2023 · eeadcf9 · eeadcf9
1 parent f5346a0
commit eeadcf9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/programs/ziti-edge-tunnel/netif_driver/linux/tun.c b/programs/ziti-edge-tunnel/netif_driver/linux/tun.c
@@ -376,7 +376,7 @@ netif_driver tun_open(uv_loop_t *loop, uint32_t tun_ip, uint32_t dns_ip, const c
         return NULL;
     }
 
-    if ((tun->fd = open(DEVTUN, O_RDWR)) < 0) {
+    if ((tun->fd = open(DEVTUN, O_RDWR|O_CLOEXEC)) < 0) {
         if (error != NULL) {
             snprintf(error, error_len,"open %s failed", DEVTUN);
         }