In many places Glib was already trying to get new file descriptors with the close-on-exec flag set in a race-free way, however quite a few sites remained where this wasn't being done - mostly in older code parts.
This MR is an attempt to rectify that and make Glib fully close-on-exec-safe where possible.
The current attempt to close all file descriptors by a g_spawn_* call without G_SPAWN_LEAVE_DESCRIPTORS_OPEN flag is not only rather hacky, it doesn't cover any code that wants to do fork () + exec () directly (including extra libraries used by a Glib consumer),
I've went through calls to the following functions in Glib code:
-
open ()family, -
fopen ()family, -
socket (), -
socketpair (), -
pipe ()family, -
accept (), -
dup ()family, -
recvmsg ().
Converted most of these call sites to set close-on-exec flag in a race-free way.
The remaining ones are either Windows-only or lie between fork () and exec () calls.
With this change Glib should be fully close-on-exec-safe on platforms that support the necessary system calls - this is true of pretty much every modern Linux system.
The MR has been divided into 8 individually described commits to make it easier to review.