contain: use open('abc', O_DIRECTORY|O_CLOEXEC) instead of opendir()

author Robert Swiecki <robert@swiecki.net>

Fri, 9 Jun 2017 12:40:44 +0000 (14:40 +0200)

committer Robert Swiecki <robert@swiecki.net>

Fri, 9 Jun 2017 12:40:44 +0000 (14:40 +0200)
author Robert Swiecki <robert@swiecki.net>
Fri, 9 Jun 2017 12:40:44 +0000 (14:40 +0200)
committer Robert Swiecki <robert@swiecki.net>
Fri, 9 Jun 2017 12:40:44 +0000 (14:40 +0200)
diff --git a/contain.c b/contain.c

index 2d388ecaf03eb6a424f942656a2590d025450c51..2a5ee4957317f2c72725359670235225e222cb24 100644 (file)
--- a/contain.c
+++ b/contain.c
@@ -250,12 +250,18 @@ static bool containMakeFdsCOENaive(struct nsjconf_t *nsjconf)
  
  static bool containMakeFdsCOEProc(struct nsjconf_t *nsjconf)
  {
-       /* Make all fds above stderr close-on-exec */
-       DIR *dir = opendir("/proc/self/fd");
+        int dirfd = open("/proc/self/fd", O_DIRECTORY|O_RDONLY|O_CLOEXEC);
+        if (dirfd == -1) {
+          PLOG_D("open('/proc/self/fd', O_DIRECTORY|O_RDONLY)");
+          return false;
+        }
+       DIR *dir = fdopendir(dirfd);
         if (dir == NULL) {
-               PLOG_D("opendir('/proc/self/fd')");
+               PLOG_W("fdopendir(fd=%d)", dirfd);
+                close(dirfd);
                 return false;
         }
+       /* Make all fds above stderr close-on-exec */
         for (;;) {
                 errno = 0;
                 struct dirent *entry = readdir(dir);
author	Robert Swiecki <robert@swiecki.net>
	Fri, 9 Jun 2017 12:40:44 +0000 (14:40 +0200)
committer	Robert Swiecki <robert@swiecki.net>
	Fri, 9 Jun 2017 12:40:44 +0000 (14:40 +0200)