Add FD_CLOEXEC flag to config files, pipes and sockets

File descriptors are leaking to processes spawned by upsmod and
upssched, leading to SELinux errors when (for example) sendmail
attempts to read from fd #4.

Author: sshambar

clients/upsmon.c

@@ -24,6 +24,8 @@
 #include <sys/stat.h>
 #include <sys/wait.h>
 #include <sys/socket.h>
+#include <unistd.h>
+#include <fcntl.h>
 
 #include "upsclient.h"
 #include "upsmon.h"
@@ -1432,6 +1434,9 @@ static int try_connect(utype_t *ups)
 	/* we're definitely connected now */
 	setflag(&ups->status, ST_CONNECTED);
 
+	/* prevent connection leaking to NOTIFYCMD */
+	fcntl(upscli_fd(&ups->conn), F_SETFD, FD_CLOEXEC);
+
 	/* now try to authenticate to upsd */
 
 	ret = do_upsd_auth(ups);
@@ -1714,6 +1719,9 @@ static void start_pipe(void)
 	}
 
 	close(pipefd[0]);
+
+	/* prevent pipe leaking to NOTIFYCMD */
+	fcntl(pipefd[1], F_SETFD, FD_CLOEXEC);
 }
 
 static void delete_ups(utype_t *target)

clients/upssched.c

@@ -46,6 +46,8 @@
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <netinet/in.h>
+#include <unistd.h>
+#include <fcntl.h>
 
 #include "upssched.h"
 #include "timehead.h"
@@ -297,6 +299,9 @@ static int open_sock(void)
 	if (ret < 0)
 		fatal_with_errno(EXIT_FAILURE, "listen(%d, %d) failed", fd, US_LISTEN_BACKLOG);
 
+	/* don't leak socket to CMDSCRIPT */
+	fcntl(fd, F_SETFD, FD_CLOEXEC);
+
 	return fd;
 }
 
@@ -370,6 +375,9 @@ static void conn_add(int sockfd)
 		return;
 	}
 
+	/* don't leak connection to CMDSCRIPT */
+	fcntl(acc, F_SETFD, FD_CLOEXEC);
+
 	/* enable nonblocking I/O */
 
 	ret = fcntl(acc, F_GETFL, 0);

common/parseconf.c

@@ -83,6 +83,7 @@
 #include <stdlib.h>
 #include <string.h>	
 #include <unistd.h>
+#include <fcntl.h>
 
 #include "parseconf.h"
 
@@ -443,6 +444,9 @@ int pconf_file_begin(PCONF_CTX_t *ctx, const char *fn)
 		return 0;
 	}
 
+	/* prevent fd leaking to child processes */
+	fcntl(fileno(ctx->f), F_SETFD, FD_CLOEXEC);
+
 	return 1;	/* OK */
 }