daemon: Use ‘close_range’ where available.

* nix/libutil/util.cc (closeMostFDs) [HAVE_CLOSE_RANGE]: Use ‘close_range’ when ‘exceptions’ is empty. * config-daemon.ac: Check for <linux/close_range.h> and the ‘close_range’ symbol. Change-Id: I12fa3bde58b003fcce5ea5a1fee1dcf9a92c0359
author: Ludovic Courtès <ludo@gnu.org> 2025-02-11 17:42:37 +0100
committer: Ludovic Courtès <ludo@gnu.org> 2025-03-26 17:57:42 +0100
commit: f03e6eff2f491fbf1a38b36d46c0fe2fdd3e6886 (patch)
tree: 91c7edbe4864fe80d17d7754d7e833dfafb75ef3 /nix
parent: 92205bab4dcf25a9c4dbe08daf0e53c6e608ca3e (diff)
1 files changed, 17 insertions, 6 deletions
diff --git a/nix/libutil/util.cc b/nix/libutil/util.cc
index 3206dea11b..eb2d16e1cc 100644
--- a/nix/libutil/util.cc
+++ b/nix/libutil/util.cc
@@ -23,6 +23,10 @@
 #include <sys/prctl.h>
 #endif
 
+#ifdef HAVE_LINUX_CLOSE_RANGE_H
+# include <linux/close_range.h>
+#endif
+
 
 extern char * * environ;
 
@@ -1087,12 +1091,19 @@ string runProgram(Path program, bool searchPath, const Strings & args)
 
 void closeMostFDs(const set<int> & exceptions)
 {
-    int maxFD = 0;
-    maxFD = sysconf(_SC_OPEN_MAX);
-    for (int fd = 0; fd < maxFD; ++fd)
-        if (fd != STDIN_FILENO && fd != STDOUT_FILENO && fd != STDERR_FILENO
-            && exceptions.find(fd) == exceptions.end())
-            close(fd); /* ignore result */
+#ifdef HAVE_CLOSE_RANGE
+    if (exceptions.empty())
+	 close_range(3, ~0U, 0);
+    else
+#endif
+    {
+	 int maxFD = 0;
+	 maxFD = sysconf(_SC_OPEN_MAX);
+	 for (int fd = 0; fd < maxFD; ++fd)
+	      if (fd != STDIN_FILENO && fd != STDOUT_FILENO && fd != STDERR_FILENO
+		  && exceptions.find(fd) == exceptions.end())
+		   close(fd); /* ignore result */
+    }
 }
author	Ludovic Courtès <ludo@gnu.org>	2025-02-11 17:42:37 +0100
committer	Ludovic Courtès <ludo@gnu.org>	2025-03-26 17:57:42 +0100
commit	f03e6eff2f491fbf1a38b36d46c0fe2fdd3e6886 (patch)
tree	91c7edbe4864fe80d17d7754d7e833dfafb75ef3 /nix
parent	92205bab4dcf25a9c4dbe08daf0e53c6e608ca3e (diff)