commit 62da1d17b61450e7c91f51c010e419897cf86d02 from: Thomas Adam date: Fri Jul 15 09:57:55 2022 UTC portable: macos: handle SOCK_CLOEXEC MacOS doesn't have SOCK_CLOEXEC, so don't include it in the set of flags for socket(). We probably shouldn't do this, as another approach is to set fcntl(fd, O_CLOEXEC) instead. commit - 117843e4760b30932e07ec1faf71e0d8e8cc3fef commit + 62da1d17b61450e7c91f51c010e419897cf86d02 blob - 9a66f6ba7ddb7546a29900c4fc95a185fe56f657 blob + b66f597ffb9ee2820102c30f3dc427b5e6964718 --- gotwebd/proc.c +++ gotwebd/proc.c @@ -230,8 +230,11 @@ proc_init(struct privsep *ps, struct privsep_proc *pro for (proc = 0; proc < ps->ps_instances[dst]; proc++) { pa = &ps->ps_pipes[PROC_GOTWEBD][0]; pb = &ps->ps_pipes[dst][proc]; - if (socketpair(AF_UNIX, - SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, + int sock_flags = SOCK_STREAM | SOCK_NONBLOCK; +#ifdef SOCK_CLOEXEC + sock_flags |= SOCK_CLOEXEC; +#endif + if (socketpair(AF_UNIX, sock_flags, PF_UNSPEC, fds) == -1) fatal("%s: socketpair", __func__); @@ -423,8 +426,11 @@ proc_open(struct privsep *ps, int src, int dst) pa = &ps->ps_pipes[src][i]; pb = &ps->ps_pipes[dst][j]; - if (socketpair(AF_UNIX, - SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC, + int sock_flags = SOCK_STREAM | SOCK_NONBLOCK; +#ifdef SOCK_CLOEXEC + sock_flags |= SOCK_CLOEXEC; +#endif + if (socketpair(AF_UNIX, sock_flags, PF_UNSPEC, fds) == -1) fatal("%s: socketpair", __func__); blob - d6c6ae4610fffa999ac7595ada5fb92eac62307c blob + db5c23f630c6bd7e85a480ad591aeb67d9da8bbc --- gotwebd/sockets.c +++ gotwebd/sockets.c @@ -491,7 +491,12 @@ sockets_unix_socket_listen(struct privsep *ps, struct return (tsock->fd); } - u_fd = socket(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK| SOCK_CLOEXEC, 0); + /* TA: FIXME: this needs upstreaming. */ + int socket_flags = SOCK_STREAM | SOCK_NONBLOCK; +#ifdef SOCK_CLOEXEC + socket_flags |= SOCK_CLOEXEC; +#endif + u_fd = socket(AF_UNIX, socket_flags, 0); if (u_fd == -1) { log_warn("%s: socket", __func__); return -1;