From 071e5e5a65027072d0989ddf3bca06c056560220 Mon Sep 17 00:00:00 2001
From: Alexander Larsson <alexl@redhat.com>
Date: Mon, 24 Mar 2014 15:33:22 +0100
Subject: [PATCH] beam: Make extracted Fds CloseOnExec

Grab forklock to make sure no forks accidentally inherit the new fds
before they are made CLOEXEC There is a slight race condition between
ReadMsgUnix returns and when we grap the lock, so this is not
perfect. Unfortunately There is no way to pass MSG_CMSG_CLOEXEC to
recvmsg() nor any way to implement non-blocking i/o in go, so this is
hard to fix.

Docker-DCO-1.1-Signed-off-by: Alexander Larsson <alexl@redhat.com> (github: alexlarsson)
---
 beam/unix.go | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/beam/unix.go b/beam/unix.go
index 12cfbcb..25767bb 100644
--- a/beam/unix.go
+++ b/beam/unix.go
@@ -148,6 +148,14 @@ func sendUnix(conn *net.UnixConn, data []byte, fds ...int) error {
 }
 
 func extractFds(oob []byte) (fds []int) {
+	// Grab forklock to make sure no forks accidentally inherit the new
+	// fds before they are made CLOEXEC
+	// There is a slight race condition between ReadMsgUnix returns and
+	// when we grap the lock, so this is not perfect. Unfortunately
+	// There is no way to pass MSG_CMSG_CLOEXEC to recvmsg() nor any
+	// way to implement non-blocking i/o in go, so this is hard to fix.
+	syscall.ForkLock.Lock()
+	defer syscall.ForkLock.Unlock()
 	scms, err := syscall.ParseSocketControlMessage(oob)
 	if err != nil {
 		return
@@ -158,6 +166,10 @@ func extractFds(oob []byte) (fds []int) {
 			continue
 		}
 		fds = append(fds, gotFds...)
+
+		for _, fd := range fds {
+			syscall.CloseOnExec(fd)
+		}
 	}
 	return
 }