fs: make all new mount api fds cloexec by default

This makes all file descriptors returned from new syscalls of the new mount
api cloexec by default.

From a userspace perspective it is rarely the case that fds are supposed to
be inherited across exec. In fact, most of the time userspace either needs
to remember to pass the <SPECIFIC>_CLOEXEC flag along or needs to invoke
fcntl() on the fd to prevent leaking the fd. This is a much bigger issue
than forgetting to remove the cloexec flag to inherit the fd.

For old fd types we can't break userspace. But for new ones we should
whenever reasonable make them cloexec by default (Examples of this policy
are the new seccomp notify fds and also pidfds.). If userspace wants to
inherit fds across exec they can remove the O_CLOEXEC flag and need to opt
in to inheritance explicitly.

Note, this also has the advantage that we can get rid of all the special
flags per file descriptor type for the new mount api. In total this lets us
remove 4 flags:

Signed-off-by: Christian Brauner <email@example.com>
- David Howells <firstname.lastname@example.org>:
- ensure that only O_CLOEXEC is passed so that fd allocation doesn't
break when new flags are added to a syscall
3 files changed
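
The opt-in model described in the commit message, seen from userspace, as an added example that is not part of the commit or the kernel tree: ordinary `/dev/null` descriptors stand in for the new mount API fds, and the helper names (`fd_is_cloexec`, `fd_set_inheritable`, `count_inheritable_fds`) are hypothetical. It shows the `fcntl()` step needed to inherit an fd deliberately, plus a pre-exec audit that counts descriptors the next program would receive.

```c
/* Added example (not from the kernel commit): userspace view of close-on-exec. */
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* 1 = closed on exec, 0 = inherited across exec, -1 = not an open fd. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

/* Explicit opt-in (inheritable=1) or opt-out (0); returns 0 on success. */
int fd_set_inheritable(int fd, int inheritable)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    flags = inheritable ? (flags & ~FD_CLOEXEC) : (flags | FD_CLOEXEC);
    return fcntl(fd, F_SETFD, flags) < 0 ? -1 : 0;
}

/* Pre-exec audit: how many open fds >= first would the next program inherit?
 * The scan is capped at 4096 fds (an assumption of this example). */
int count_inheritable_fds(int first)
{
    long max = sysconf(_SC_OPEN_MAX);
    int n = 0;
    if (max < 0 || max > 4096)
        max = 4096;
    for (int fd = first; fd < max; fd++)
        if (fd_is_cloexec(fd) == 0)
            n++;
    return n;
}

int main(void)
{
    int legacy = open("/dev/null", O_RDONLY);            /* flag forgotten */
    int safe = open("/dev/null", O_RDONLY | O_CLOEXEC);  /* cloexec from creation */
    printf("legacy fd %d cloexec=%d\n", legacy, fd_is_cloexec(legacy));
    printf("safe   fd %d cloexec=%d\n", safe, fd_is_cloexec(safe));
    printf("inheritable fds >= 3: %d\n", count_inheritable_fds(3));
    fd_set_inheritable(safe, 1);                         /* deliberate opt-in */
    printf("after opt-in: %d\n", count_inheritable_fds(3));
    return 0;
}
```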