commit 0fbf6ccc8a35712208f91ab1397cd0b5eb927e6a
from: Stefan Sperling <stsp@stsp.name>
date: Fri Mar 21 16:41:26 2025 UTC

set close-on-exec flag on gotd socket to avoid it leaking during reloads

commit - 5f4e1ba7c031235f36541d39ad34d09bc24fc85c
commit + 0fbf6ccc8a35712208f91ab1397cd0b5eb927e6a
blob - a1a335cee2c4d646b179aead08bfcf06a579fa40
blob + 6b3c18d3082bc5f2ed101b4f4534927f3830c6b4
--- gotd/gotd.c
+++ gotd/gotd.c
@@ -3384,9 +3384,14 @@ main(int argc, char **argv)
 					break;
 				}
 				gotd_socket = imsg_get_fd(&imsg);
-				if (gotd_socket != -1)
+				if (gotd_socket == -1) {
+					error = got_error(
+					    GOT_ERR_PRIVSEP_NO_FD);
 					break;
-				error = got_error(GOT_ERR_PRIVSEP_NO_FD);
+				}
+				if (fcntl(gotd_socket,
+				    F_SETFD, FD_CLOEXEC) == -1)
+					error = got_error_from_errno("fcntl");
 				break;
 			case GOTD_IMSG_RELOAD_SECRETS:
 				if (have_reload_secrets) {