diff --git a/tap.c b/tap.c index a3ba958..14d9b3d 100644 --- a/tap.c +++ b/tap.c @@ -1136,7 +1136,7 @@ void tap_handler_pasta(struct ctx *c, uint32_t events, */ int tap_sock_unix_open(char *sock_path) { - int fd = socket(AF_UNIX, SOCK_STREAM, 0); + int fd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); struct sockaddr_un addr = { .sun_family = AF_UNIX, }; @@ -1155,7 +1155,8 @@ int tap_sock_unix_open(char *sock_path) UNIX_SOCK_PATH, i)) die_perror("Can't build UNIX domain socket path"); - ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0); + ex = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, + 0); if (ex < 0) die_perror("Failed to check for UNIX domain conflicts"); diff --git a/tcp.c b/tcp.c index a3d48fa..6a98dfa 100644 --- a/tcp.c +++ b/tcp.c @@ -1410,7 +1410,7 @@ static int tcp_conn_new_sock(const struct ctx *c, sa_family_t af) { int s; - s = socket(af, SOCK_STREAM | SOCK_NONBLOCK, IPPROTO_TCP); + s = socket(af, SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, IPPROTO_TCP); if (s > FD_REF_MAX) { close(s); diff --git a/util.c b/util.c index dddef93..3448f30 100644 --- a/util.c +++ b/util.c @@ -183,7 +183,8 @@ void sock_probe_mem(struct ctx *c) int v = INT_MAX / 2, s; socklen_t sl; - if ((s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) { + s = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP); + if (s < 0) { c->low_wmem = c->low_rmem = 1; return; }