From e1999379dfc6d12abb9fa454ac01d4239baf361f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 3 May 2021 17:11:19 +0200 Subject: [PATCH] libselinux: label_db::db_init(): open file with CLOEXEC mode MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Open the file stream with the `e` flag, so that the underlying file descriptor gets closed on an exec in a potential sibling thread. Also drop the flag `b`, since it is ignored on POSIX systems. Found by clang-tidy. Signed-off-by: Christian Göttsche --- libselinux/src/label_db.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c index fba96c92..94c05c6d 100644 --- a/libselinux/src/label_db.c +++ b/libselinux/src/label_db.c @@ -277,7 +277,7 @@ db_init(const struct selinux_opt *opts, unsigned nopts, if (!path) path = selinux_sepgsql_context_path(); - if ((filp = fopen(path, "rb")) == NULL) { + if ((filp = fopen(path, "re")) == NULL) { free(catalog); return NULL; }