lib/: set O_CLOEXEC on all fds

As found by
  git grep -E '(open|setmntent|pipe2?)\(' |
    grep -vE '((zfs|zpool)_|fd|dl|lzc_re|pidfile_|g_)open\('

FreeBSD's pidfile_open() says nothing about the flags of the files it
opens, but we can't do anything about it anyway; the implementation does
open all files with O_CLOEXEC

Consider this output with zpool.d/media appended with
"pid=$$; (ls -l /proc/$pid/fd > /dev/tty)":
  $ /sbin/zpool iostat -vc media
  lrwx------ 0 -> /dev/pts/0
  l-wx------ 1 -> 'pipe:[3278500]'
  l-wx------ 2 -> /dev/null
  lrwx------ 3 -> /dev/zfs
  lr-x------ 4 -> /proc/31895/mounts
  lrwx------ 5 -> /dev/zfs
  lr-x------ 10 -> /usr/lib/zfs-linux/zpool.d/media
vs
  $ ./zpool iostat -vc vendor,upath,iostat,media
  lrwx------ 0 -> /dev/pts/0
  l-wx------ 1 -> 'pipe:[3279887]'
  l-wx------ 2 -> /dev/null
  lr-x------ 10 -> /usr/lib/zfs-linux/zpool.d/media

Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov>
Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
Closes #11866
This commit is contained in:
наб 2021-04-08 22:17:38 +02:00 committed by Brian Behlendorf
parent 92ffd87aaf
commit 10b575d04c
22 changed files with 51 additions and 62 deletions

View File

@ -638,8 +638,8 @@ extern void delay(clock_t ticks);
#define NN_NUMBUF_SZ (6) #define NN_NUMBUF_SZ (6)
extern uint64_t physmem; extern uint64_t physmem;
extern char *random_path; extern const char *random_path;
extern char *urandom_path; extern const char *urandom_path;
extern int highbit64(uint64_t i); extern int highbit64(uint64_t i);
extern int lowbit64(uint64_t i); extern int lowbit64(uint64_t i);

View File

@ -66,7 +66,7 @@ static int
nfs_exports_lock(void) nfs_exports_lock(void)
{ {
nfs_lock_fd = open(ZFS_EXPORTS_LOCK, nfs_lock_fd = open(ZFS_EXPORTS_LOCK,
O_RDWR | O_CREAT, 0600); O_RDWR | O_CREAT | O_CLOEXEC, 0600);
if (nfs_lock_fd == -1) { if (nfs_lock_fd == -1) {
fprintf(stderr, "failed to lock %s: %s\n", fprintf(stderr, "failed to lock %s: %s\n",
ZFS_EXPORTS_LOCK, strerror(errno)); ZFS_EXPORTS_LOCK, strerror(errno));
@ -228,8 +228,8 @@ nfs_copy_entries(char *filename, const char *mountpoint)
int error = SA_OK; int error = SA_OK;
char *line; char *line;
FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "r"); FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "re");
FILE *newfp = fopen(filename, "w+"); FILE *newfp = fopen(filename, "w+e");
if (newfp == NULL) { if (newfp == NULL) {
fprintf(stderr, "failed to open %s file: %s", filename, fprintf(stderr, "failed to open %s file: %s", filename,
strerror(errno)); strerror(errno));
@ -291,7 +291,7 @@ nfs_enable_share(sa_share_impl_t impl_share)
return (error); return (error);
} }
FILE *fp = fopen(filename, "a+"); FILE *fp = fopen(filename, "a+e");
if (fp == NULL) { if (fp == NULL) {
fprintf(stderr, "failed to open %s file: %s", filename, fprintf(stderr, "failed to open %s file: %s", filename,
strerror(errno)); strerror(errno));
@ -368,7 +368,7 @@ nfs_is_shared(sa_share_impl_t impl_share)
char *mntpoint = impl_share->sa_mountpoint; char *mntpoint = impl_share->sa_mountpoint;
size_t mntlen = strlen(mntpoint); size_t mntlen = strlen(mntpoint);
FILE *fp = fopen(ZFS_EXPORTS_FILE, "r"); FILE *fp = fopen(ZFS_EXPORTS_FILE, "re");
if (fp == NULL) if (fp == NULL)
return (B_FALSE); return (B_FALSE);

View File

@ -66,7 +66,7 @@ static int
nfs_exports_lock(void) nfs_exports_lock(void)
{ {
nfs_lock_fd = open(ZFS_EXPORTS_LOCK, nfs_lock_fd = open(ZFS_EXPORTS_LOCK,
O_RDWR | O_CREAT, 0600); O_RDWR | O_CREAT | O_CLOEXEC, 0600);
if (nfs_lock_fd == -1) { if (nfs_lock_fd == -1) {
fprintf(stderr, "failed to lock %s: %s\n", fprintf(stderr, "failed to lock %s: %s\n",
ZFS_EXPORTS_LOCK, strerror(errno)); ZFS_EXPORTS_LOCK, strerror(errno));
@ -453,7 +453,7 @@ nfs_add_entry(const char *filename, const char *sharepath,
if (linux_opts == NULL) if (linux_opts == NULL)
linux_opts = ""; linux_opts = "";
FILE *fp = fopen(filename, "a+"); FILE *fp = fopen(filename, "a+e");
if (fp == NULL) { if (fp == NULL) {
fprintf(stderr, "failed to open %s file: %s", filename, fprintf(stderr, "failed to open %s file: %s", filename,
strerror(errno)); strerror(errno));
@ -489,8 +489,8 @@ nfs_copy_entries(char *filename, const char *mountpoint)
size_t buflen = 0; size_t buflen = 0;
int error = SA_OK; int error = SA_OK;
FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "r"); FILE *oldfp = fopen(ZFS_EXPORTS_FILE, "re");
FILE *newfp = fopen(filename, "w+"); FILE *newfp = fopen(filename, "w+e");
if (newfp == NULL) { if (newfp == NULL) {
fprintf(stderr, "failed to open %s file: %s", filename, fprintf(stderr, "failed to open %s file: %s", filename,
strerror(errno)); strerror(errno));
@ -632,7 +632,7 @@ nfs_is_shared(sa_share_impl_t impl_share)
size_t buflen = 0; size_t buflen = 0;
char *buf = NULL; char *buf = NULL;
FILE *fp = fopen(ZFS_EXPORTS_FILE, "r"); FILE *fp = fopen(ZFS_EXPORTS_FILE, "re");
if (fp == NULL) { if (fp == NULL) {
return (B_FALSE); return (B_FALSE);
} }

View File

@ -107,7 +107,7 @@ smb_retrieve_shares(void)
if (!S_ISREG(eStat.st_mode)) if (!S_ISREG(eStat.st_mode))
continue; continue;
if ((share_file_fp = fopen(file_path, "r")) == NULL) { if ((share_file_fp = fopen(file_path, "re")) == NULL) {
rc = SA_SYSTEM_ERR; rc = SA_SYSTEM_ERR;
goto out; goto out;
} }

View File

@ -45,7 +45,7 @@ get_spl_hostid(void)
return (hostid & HOSTID_MASK); return (hostid & HOSTID_MASK);
} }
f = fopen("/sys/module/spl/parameters/spl_hostid", "r"); f = fopen("/sys/module/spl/parameters/spl_hostid", "re");
if (!f) if (!f)
return (0); return (0);
@ -74,7 +74,7 @@ get_system_hostid(void)
unsigned long hostid; unsigned long hostid;
int hostid_size = 4; /* 4 bytes regardless of arch */ int hostid_size = 4; /* 4 bytes regardless of arch */
fd = open("/etc/hostid", O_RDONLY); fd = open("/etc/hostid", O_RDONLY | O_CLOEXEC);
if (fd >= 0) { if (fd >= 0) {
rc = read(fd, &hostid, hostid_size); rc = read(fd, &hostid, hostid_size);
if (rc > 0) if (rc > 0)

View File

@ -128,9 +128,9 @@ getextmntent(const char *path, struct extmnttab *entry, struct stat64 *statbuf)
#ifdef HAVE_SETMNTENT #ifdef HAVE_SETMNTENT
if ((fp = setmntent(MNTTAB, "r")) == NULL) { if ((fp = setmntent(MNTTAB, "re")) == NULL) {
#else #else
if ((fp = fopen(MNTTAB, "r")) == NULL) { if ((fp = fopen(MNTTAB, "re")) == NULL) {
#endif #endif
(void) fprintf(stderr, "cannot open %s\n", MNTTAB); (void) fprintf(stderr, "cannot open %s\n", MNTTAB);
return (-1); return (-1);

View File

@ -36,12 +36,6 @@
#include <stdio.h> #include <stdio.h>
#include <unistd.h> #include <unistd.h>
#ifdef _LP64
#define TMPPATHFMT "%s/uu%ld"
#else /* _LP64 */
#define TMPPATHFMT "%s/uu%lld"
#endif /* _LP64 */
/*ARGSUSED*/ /*ARGSUSED*/
int int
uu_open_tmp(const char *dir, uint_t uflags) uu_open_tmp(const char *dir, uint_t uflags)
@ -55,7 +49,7 @@ uu_open_tmp(const char *dir, uint_t uflags)
for (;;) { for (;;) {
(void) snprintf(fname, PATH_MAX, "%s/uu%lld", dir, gethrtime()); (void) snprintf(fname, PATH_MAX, "%s/uu%lld", dir, gethrtime());
f = open(fname, O_CREAT | O_EXCL | O_RDWR, 0600); f = open(fname, O_CREAT | O_EXCL | O_RDWR | O_CLOEXEC, 0600);
if (f >= 0 || errno != EEXIST) if (f >= 0 || errno != EEXIST)
break; break;

View File

@ -71,7 +71,7 @@ pkcs11_get_urandom(uint8_t *buf, size_t bytes)
int rand; int rand;
ssize_t bytes_read = 0; ssize_t bytes_read = 0;
rand = open("/dev/urandom", O_RDONLY); rand = open("/dev/urandom", O_RDONLY | O_CLOEXEC);
if (rand < 0) if (rand < 0)
return (rand); return (rand);
@ -468,7 +468,7 @@ get_key_material_file(libzfs_handle_t *hdl, const char *uri,
if (strlen(uri) < 7) if (strlen(uri) < 7)
return (EINVAL); return (EINVAL);
if ((f = fopen(uri + 7, "r")) == NULL) { if ((f = fopen(uri + 7, "re")) == NULL) {
ret = errno; ret = errno;
errno = 0; errno = 0;
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, zfs_error_aux(hdl, dgettext(TEXT_DOMAIN,

View File

@ -697,7 +697,7 @@ setup_differ_info(zfs_handle_t *zhp, const char *fromsnap,
{ {
di->zhp = zhp; di->zhp = zhp;
di->cleanupfd = open(ZFS_DEV, O_RDWR); di->cleanupfd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
VERIFY(di->cleanupfd >= 0); VERIFY(di->cleanupfd >= 0);
if (get_snapshot_names(di, fromsnap, tosnap) != 0) if (get_snapshot_names(di, fromsnap, tosnap) != 0)
@ -731,7 +731,7 @@ zfs_show_diffs(zfs_handle_t *zhp, int outfd, const char *fromsnap,
return (-1); return (-1);
} }
if (pipe(pipefd)) { if (pipe2(pipefd, O_CLOEXEC)) {
zfs_error_aux(zhp->zfs_hdl, strerror(errno)); zfs_error_aux(zhp->zfs_hdl, strerror(errno));
teardown_differ_info(&di); teardown_differ_info(&di);
return (zfs_error(zhp->zfs_hdl, EZFS_PIPEFAILED, errbuf)); return (zfs_error(zhp->zfs_hdl, EZFS_PIPEFAILED, errbuf));

View File

@ -565,7 +565,7 @@ zfs_iter_mounted(zfs_handle_t *zhp, zfs_iter_f func, void *data)
FILE *mnttab; FILE *mnttab;
int err = 0; int err = 0;
if ((mnttab = fopen(MNTTAB, "r")) == NULL) if ((mnttab = fopen(MNTTAB, "re")) == NULL)
return (ENOENT); return (ENOENT);
while (err == 0 && getmntent(mnttab, &entry) == 0) { while (err == 0 && getmntent(mnttab, &entry) == 0) {

View File

@ -4809,13 +4809,11 @@ zpool_load_compat(const char *compatibility,
* as they're only needed if the filename is relative * as they're only needed if the filename is relative
* which will be checked during the openat(). * which will be checked during the openat().
*/ */
#ifdef O_PATH #ifndef O_PATH
sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_PATH); #define O_PATH O_RDONLY
ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_PATH);
#else
sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_RDONLY);
ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_RDONLY);
#endif #endif
sdirfd = open(ZPOOL_SYSCONF_COMPAT_D, O_DIRECTORY | O_PATH | O_CLOEXEC);
ddirfd = open(ZPOOL_DATA_COMPAT_D, O_DIRECTORY | O_PATH | O_CLOEXEC);
(void) strlcpy(filenames, compatibility, ZFS_MAXPROPLEN); (void) strlcpy(filenames, compatibility, ZFS_MAXPROPLEN);
file = strtok_r(filenames, ",", &ps); file = strtok_r(filenames, ",", &ps);

View File

@ -2217,7 +2217,7 @@ zfs_send(zfs_handle_t *zhp, const char *fromsnap, const char *tosnap,
++holdseq; ++holdseq;
(void) snprintf(sdd.holdtag, sizeof (sdd.holdtag), (void) snprintf(sdd.holdtag, sizeof (sdd.holdtag),
".send-%d-%llu", getpid(), (u_longlong_t)holdseq); ".send-%d-%llu", getpid(), (u_longlong_t)holdseq);
sdd.cleanup_fd = open(ZFS_DEV, O_RDWR); sdd.cleanup_fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
if (sdd.cleanup_fd < 0) { if (sdd.cleanup_fd < 0) {
err = errno; err = errno;
goto stderr_out; goto stderr_out;

View File

@ -884,13 +884,13 @@ libzfs_run_process_impl(const char *path, char *argv[], char *env[], int flags,
* Setup a pipe between our child and parent process if we're * Setup a pipe between our child and parent process if we're
* reading stdout. * reading stdout.
*/ */
if ((lines != NULL) && pipe(link) == -1) if ((lines != NULL) && pipe2(link, O_CLOEXEC) == -1)
return (-EPIPE); return (-EPIPE);
pid = vfork(); pid = vfork();
if (pid == 0) { if (pid == 0) {
/* Child process */ /* Child process */
devnull_fd = open("/dev/null", O_WRONLY); devnull_fd = open("/dev/null", O_WRONLY | O_CLOEXEC);
if (devnull_fd < 0) if (devnull_fd < 0)
_exit(-1); _exit(-1);
@ -900,15 +900,11 @@ libzfs_run_process_impl(const char *path, char *argv[], char *env[], int flags,
else if (lines != NULL) { else if (lines != NULL) {
/* Save the output to lines[] */ /* Save the output to lines[] */
dup2(link[1], STDOUT_FILENO); dup2(link[1], STDOUT_FILENO);
close(link[0]);
close(link[1]);
} }
if (!(flags & STDERR_VERBOSE)) if (!(flags & STDERR_VERBOSE))
(void) dup2(devnull_fd, STDERR_FILENO); (void) dup2(devnull_fd, STDERR_FILENO);
close(devnull_fd);
if (flags & NO_DEFAULT_PATH) { if (flags & NO_DEFAULT_PATH) {
if (env == NULL) if (env == NULL)
execv(path, argv); execv(path, argv);
@ -1144,7 +1140,7 @@ zfs_path_to_zhandle(libzfs_handle_t *hdl, const char *path, zfs_type_t argtype)
} }
/* Reopen MNTTAB to prevent reading stale data from open file */ /* Reopen MNTTAB to prevent reading stale data from open file */
if (freopen(MNTTAB, "r", hdl->libzfs_mnttab) == NULL) if (freopen(MNTTAB, "re", hdl->libzfs_mnttab) == NULL)
return (NULL); return (NULL);
if (getextmntent(path, &entry, &statbuf) != 0) if (getextmntent(path, &entry, &statbuf) != 0)

View File

@ -62,7 +62,7 @@ zpool_relabel_disk(libzfs_handle_t *hdl, const char *path, const char *msg)
{ {
int fd, error; int fd, error;
if ((fd = open(path, O_RDWR|O_DIRECT)) < 0) { if ((fd = open(path, O_RDWR|O_DIRECT|O_CLOEXEC)) < 0) {
zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "cannot " zfs_error_aux(hdl, dgettext(TEXT_DOMAIN, "cannot "
"relabel '%s': unable to open device: %d"), path, errno); "relabel '%s': unable to open device: %d"), path, errno);
return (zfs_error(hdl, EZFS_OPENFAILED, msg)); return (zfs_error(hdl, EZFS_OPENFAILED, msg));
@ -107,7 +107,7 @@ read_efi_label(nvlist_t *config, diskaddr_t *sb)
(void) snprintf(diskname, sizeof (diskname), "%s%s", DISK_ROOT, (void) snprintf(diskname, sizeof (diskname), "%s%s", DISK_ROOT,
strrchr(path, '/')); strrchr(path, '/'));
if ((fd = open(diskname, O_RDONLY|O_DIRECT)) >= 0) { if ((fd = open(diskname, O_RDONLY|O_DIRECT|O_CLOEXEC)) >= 0) {
struct dk_gpt *vtoc; struct dk_gpt *vtoc;
if ((err = efi_alloc_and_read(fd, &vtoc)) >= 0) { if ((err = efi_alloc_and_read(fd, &vtoc)) >= 0) {
@ -159,7 +159,7 @@ zpool_label_disk_check(char *path)
struct dk_gpt *vtoc; struct dk_gpt *vtoc;
int fd, err; int fd, err;
if ((fd = open(path, O_RDONLY|O_DIRECT)) < 0) if ((fd = open(path, O_RDONLY|O_DIRECT|O_CLOEXEC)) < 0)
return (errno); return (errno);
if ((err = efi_alloc_and_read(fd, &vtoc)) != 0) { if ((err = efi_alloc_and_read(fd, &vtoc)) != 0) {
@ -190,7 +190,7 @@ zpool_label_name(char *label_name, int label_size)
uint64_t id = 0; uint64_t id = 0;
int fd; int fd;
fd = open("/dev/urandom", O_RDONLY); fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC);
if (fd >= 0) { if (fd >= 0) {
if (read(fd, &id, sizeof (id)) != sizeof (id)) if (read(fd, &id, sizeof (id)) != sizeof (id))
id = 0; id = 0;
@ -241,7 +241,7 @@ zpool_label_disk(libzfs_handle_t *hdl, zpool_handle_t *zhp, const char *name)
(void) snprintf(path, sizeof (path), "%s/%s", DISK_ROOT, name); (void) snprintf(path, sizeof (path), "%s/%s", DISK_ROOT, name);
if ((fd = open(path, O_RDWR|O_DIRECT|O_EXCL)) < 0) { if ((fd = open(path, O_RDWR|O_DIRECT|O_EXCL|O_CLOEXEC)) < 0) {
/* /*
* This shouldn't happen. We've long since verified that this * This shouldn't happen. We've long since verified that this
* is a valid device. * is a valid device.

View File

@ -35,7 +35,7 @@
void void
libzfs_set_pipe_max(int infd) libzfs_set_pipe_max(int infd)
{ {
FILE *procf = fopen("/proc/sys/fs/pipe-max-size", "r"); FILE *procf = fopen("/proc/sys/fs/pipe-max-size", "re");
if (procf != NULL) { if (procf != NULL) {
unsigned long max_psize; unsigned long max_psize;

View File

@ -143,7 +143,7 @@ libzfs_load_module_impl(const char *module)
start = gethrtime(); start = gethrtime();
do { do {
fd = open(ZFS_DEV, O_RDWR); fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
if (fd >= 0) { if (fd >= 0) {
(void) close(fd); (void) close(fd);
return (0); return (0);
@ -195,7 +195,7 @@ zfs_version_kernel(char *version, int len)
int fd; int fd;
int rlen; int rlen;
if ((fd = open(ZFS_SYSFS_DIR "/version", O_RDONLY)) == -1) if ((fd = open(ZFS_SYSFS_DIR "/version", O_RDONLY | O_CLOEXEC)) == -1)
return (-1); return (-1);
if ((rlen = read(fd, version, len)) == -1) { if ((rlen = read(fd, version, len)) == -1) {

View File

@ -723,15 +723,15 @@ lowbit64(uint64_t i)
return (__builtin_ffsll(i)); return (__builtin_ffsll(i));
} }
char *random_path = "/dev/random"; const char *random_path = "/dev/random";
char *urandom_path = "/dev/urandom"; const char *urandom_path = "/dev/urandom";
static int random_fd = -1, urandom_fd = -1; static int random_fd = -1, urandom_fd = -1;
void void
random_init(void) random_init(void)
{ {
VERIFY((random_fd = open(random_path, O_RDONLY)) != -1); VERIFY((random_fd = open(random_path, O_RDONLY | O_CLOEXEC)) != -1);
VERIFY((urandom_fd = open(urandom_path, O_RDONLY)) != -1); VERIFY((urandom_fd = open(urandom_path, O_RDONLY | O_CLOEXEC)) != -1);
} }
void void

View File

@ -259,7 +259,7 @@ pool_active(void *unused, const char *name, uint64_t guid,
* Use ZFS_IOC_POOL_SYNC to confirm if a pool is active * Use ZFS_IOC_POOL_SYNC to confirm if a pool is active
*/ */
fd = open(ZFS_DEV, O_RDWR); fd = open(ZFS_DEV, O_RDWR | O_CLOEXEC);
if (fd < 0) if (fd < 0)
return (-1); return (-1);

View File

@ -127,7 +127,7 @@ zpool_open_func(void *arg)
/* /*
* O_NONBLOCK so we don't hang trying to open things like serial ports. * O_NONBLOCK so we don't hang trying to open things like serial ports.
*/ */
if ((fd = open(rn->rn_name, O_RDONLY|O_NONBLOCK)) < 0) if ((fd = open(rn->rn_name, O_RDONLY|O_NONBLOCK|O_CLOEXEC)) < 0)
return; return;
/* /*

View File

@ -390,7 +390,7 @@ zfs_dev_is_whole_disk(const char *dev_name)
struct dk_gpt *label; struct dk_gpt *label;
int fd; int fd;
if ((fd = open(dev_name, O_RDONLY | O_DIRECT)) < 0) if ((fd = open(dev_name, O_RDONLY | O_DIRECT | O_CLOEXEC)) < 0)
return (B_FALSE); return (B_FALSE);
if (efi_alloc_and_init(fd, EFI_NUMPAR, &label) != 0) { if (efi_alloc_and_init(fd, EFI_NUMPAR, &label) != 0) {

View File

@ -136,9 +136,9 @@ zpool_open_func(void *arg)
* cache which may be stale for multipath devices. An EINVAL errno * cache which may be stale for multipath devices. An EINVAL errno
* indicates O_DIRECT is unsupported so fallback to just O_RDONLY. * indicates O_DIRECT is unsupported so fallback to just O_RDONLY.
*/ */
fd = open(rn->rn_name, O_RDONLY | O_DIRECT); fd = open(rn->rn_name, O_RDONLY | O_DIRECT | O_CLOEXEC);
if ((fd < 0) && (errno == EINVAL)) if ((fd < 0) && (errno == EINVAL))
fd = open(rn->rn_name, O_RDONLY); fd = open(rn->rn_name, O_RDONLY | O_CLOEXEC);
if ((fd < 0) && (errno == EACCES)) if ((fd < 0) && (errno == EACCES))
hdl->lpc_open_access_error = B_TRUE; hdl->lpc_open_access_error = B_TRUE;
if (fd < 0) if (fd < 0)

View File

@ -1345,7 +1345,8 @@ zpool_find_import_impl(libpc_handle_t *hdl, importargs_t *iarg,
* would prevent a zdb -e of active pools with * would prevent a zdb -e of active pools with
* no cachefile. * no cachefile.
*/ */
fd = open(slice->rn_name, O_RDONLY | O_EXCL); fd = open(slice->rn_name,
O_RDONLY | O_EXCL | O_CLOEXEC);
if (fd >= 0 || iarg->can_be_active) { if (fd >= 0 || iarg->can_be_active) {
if (fd >= 0) if (fd >= 0)
close(fd); close(fd);
@ -1437,7 +1438,7 @@ zpool_find_import_cached(libpc_handle_t *hdl, importargs_t *iarg)
verify(iarg->poolname == NULL || iarg->guid == 0); verify(iarg->poolname == NULL || iarg->guid == 0);
if ((fd = open(iarg->cachefile, O_RDONLY)) < 0) { if ((fd = open(iarg->cachefile, O_RDONLY | O_CLOEXEC)) < 0) {
zutil_error_aux(hdl, "%s", strerror(errno)); zutil_error_aux(hdl, "%s", strerror(errno));
(void) zutil_error(hdl, EZFS_BADCACHE, (void) zutil_error(hdl, EZFS_BADCACHE,
dgettext(TEXT_DOMAIN, "failed to open cache file")); dgettext(TEXT_DOMAIN, "failed to open cache file"));