diff -up zabbix-1.8.1/src/libs/zbxcomms/comms.c.cloexec zabbix-1.8.1/src/libs/zbxcomms/comms.c --- zabbix-1.8.1/src/libs/zbxcomms/comms.c.cloexec 2010-01-27 22:22:44.000000000 +0100 +++ zabbix-1.8.1/src/libs/zbxcomms/comms.c 2010-02-01 15:12:47.000000000 +0100 @@ -58,6 +58,10 @@ # define ZBX_SOCKADDR struct sockaddr_in #endif +#ifndef SOCK_CLOEXEC +#define SOCK_CLOEXEC 0 +#endif + /****************************************************************************** * * * Function: zbx_tcp_strerror * @@ -348,11 +352,15 @@ int zbx_tcp_connect(zbx_sock_t *s, goto out; } - if (ZBX_SOCK_ERROR == (s->socket = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol))) { + if (ZBX_SOCK_ERROR == (s->socket = socket(ai->ai_family, ai->ai_socktype | SOCK_CLOEXEC, ai->ai_protocol))) { zbx_set_tcp_strerror("Cannot create socket [%s]:%d [%s]", ip, port ,strerror_from_system(zbx_sock_last_error())); goto out; } +#if ! SOCK_CLOEXEC + fcntl(s->socket, F_SETFD, FD_CLOEXEC); +#endif + if (NULL != source_ip) { memset(&hints, 0x00, sizeof(struct addrinfo)); @@ -428,11 +436,15 @@ int zbx_tcp_connect(zbx_sock_t *s, servaddr_in.sin_addr.s_addr = ((struct in_addr *)(hp->h_addr))->s_addr; servaddr_in.sin_port = htons(port); - if (ZBX_SOCK_ERROR == (s->socket = socket(AF_INET,SOCK_STREAM,0))) { + if (ZBX_SOCK_ERROR == (s->socket = socket(AF_INET,SOCK_STREAM | SOCK_CLOEXEC,0))) { zbx_set_tcp_strerror("Cannot create socket [%s:%d] [%s]", ip, port ,strerror_from_system(zbx_sock_last_error())); return FAIL; } +#if ! SOCK_CLOEXEC + fcntl(s->socket, F_SETFD, FD_CLOEXEC); +#endif + if (NULL != source_ip) { source_addr.sin_family = AF_INET; @@ -667,11 +679,15 @@ int zbx_tcp_listen( if((current_ai->ai_family != PF_INET) && (current_ai->ai_family != PF_INET6)) continue; - if((s->sockets[s->num_socks] = socket(current_ai->ai_family, current_ai->ai_socktype, current_ai->ai_protocol)) == ZBX_SOCK_ERROR) { + if((s->sockets[s->num_socks] = socket(current_ai->ai_family, current_ai->ai_socktype | SOCK_CLOEXEC, current_ai->ai_protocol)) == ZBX_SOCK_ERROR) { zbx_set_tcp_strerror("socket() failed with error %d: %s", zbx_sock_last_error(), strerror_from_system(zbx_sock_last_error())); continue; } +#if ! SOCK_CLOEXEC + fcntl(s->sockets[s->num_socks], F_SETFD, FD_CLOEXEC); +#endif + /* Enable address reuse */ /* This is to immediately use the address even if it is in TIME_WAIT state */ /* http://www-128.ibm.com/developerworks/linux/library/l-sockpit/index.html */ @@ -722,12 +738,16 @@ int zbx_tcp_listen( zbx_tcp_clean(s); - if(ZBX_SOCK_ERROR == (s->socket = socket(AF_INET,SOCK_STREAM,0))) + if(ZBX_SOCK_ERROR == (s->socket = socket(AF_INET,SOCK_STREAM | SOCK_CLOEXEC,0))) { zbx_set_tcp_strerror("Cannot create socket [%s:%u] [%s]", listen_ip, listen_port, strerror_from_system(zbx_sock_last_error())); goto out; } +#if ! SOCK_CLOEXEC + fcntl(s->socket, F_SETFD, FD_CLOEXEC); +#endif + /* Enable address reuse */ /* This is to immediately use the address even if it is in TIME_WAIT state */ /* http://www-128.ibm.com/developerworks/linux/library/l-sockpit/index.html */ diff -up zabbix-1.8.1/src/libs/zbxnix/pid.c.cloexec zabbix-1.8.1/src/libs/zbxnix/pid.c --- zabbix-1.8.1/src/libs/zbxnix/pid.c.cloexec 2010-01-27 22:22:44.000000000 +0100 +++ zabbix-1.8.1/src/libs/zbxnix/pid.c 2010-02-01 15:12:47.000000000 +0100 @@ -83,7 +83,11 @@ int create_pid_file(const char *pidfile) /* lock file */ fdpid = fileno(fpid); #ifdef HAVE_FCNTL_H - if(-1 != fdpid) fcntl(fdpid, F_SETLK, &fl); + if(-1 != fdpid) + { + fcntl(fdpid, F_SETLK, &fl); + fcntl(fdpid, F_SETFD, FD_CLOEXEC); + } #else if(-1 != fdpid) flock(fdpid, LOCK_EX); #endif /* HAVE_FCNTL_H */