diff options
author | Zach Reizner <zachr@google.com> | 2018-01-02 13:36:57 -0800 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2018-01-03 14:23:23 -0800 |
commit | ce4611cde2d51c49356a9599b3c647e2ce3ee488 (patch) | |
tree | 8ba1f1828a00c5d43800a4f49ea31d696f9ead54 /kvm/src/lib.rs | |
parent | d44320488fd2db344b6b1fd156c22fdf90b82fe2 (diff) | |
download | crosvm-ce4611cde2d51c49356a9599b3c647e2ce3ee488.tar crosvm-ce4611cde2d51c49356a9599b3c647e2ce3ee488.tar.gz crosvm-ce4611cde2d51c49356a9599b3c647e2ce3ee488.tar.bz2 crosvm-ce4611cde2d51c49356a9599b3c647e2ce3ee488.tar.lz crosvm-ce4611cde2d51c49356a9599b3c647e2ce3ee488.tar.xz crosvm-ce4611cde2d51c49356a9599b3c647e2ce3ee488.tar.zst crosvm-ce4611cde2d51c49356a9599b3c647e2ce3ee488.zip |
kvm: open /dev/kvm with close on exec
Without this, the KVM FD may leak to child processes. BUG=None TEST=./build_test Change-Id: Ic2f6db6c787d99865c2eefb40ad8993471ee82b2 Reviewed-on: https://chromium-review.googlesource.com/848015 Commit-Ready: Zach Reizner <zachr@chromium.org> Tested-by: Zach Reizner <zachr@chromium.org> Reviewed-by: Stephen Barber <smbarber@chromium.org>
Diffstat (limited to 'kvm/src/lib.rs')
-rw-r--r-- | kvm/src/lib.rs | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/kvm/src/lib.rs b/kvm/src/lib.rs index 30dd499..18699d7 100644 --- a/kvm/src/lib.rs +++ b/kvm/src/lib.rs @@ -17,7 +17,7 @@ use std::collections::hash_map::Entry; use std::os::raw::*; use std::os::unix::io::{AsRawFd, FromRawFd, RawFd}; -use libc::{open, O_RDWR, EINVAL, ENOSPC, ENOENT}; +use libc::{open, O_RDWR, O_CLOEXEC, EINVAL, ENOSPC, ENOENT}; use kvm_sys::*; @@ -62,7 +62,7 @@ impl Kvm { pub fn new() -> Result<Kvm> { // Open calls are safe because we give a constant nul-terminated string and verify the // result. - let ret = unsafe { open("/dev/kvm\0".as_ptr() as *const c_char, O_RDWR) }; + let ret = unsafe { open("/dev/kvm\0".as_ptr() as *const c_char, O_RDWR | O_CLOEXEC) }; if ret < 0 { return errno_result(); } |