Skip to content

Commit

Permalink
Set SOCK_CLOEXEC on netlink socket (#165)
Browse files Browse the repository at this point in the history 
Set `SOCK_CLOEXEC` when creating the socket to avoid leaking file
descriptors.

Signed-off-by: Noel Georgi <git@frezbo.dev>
  • Loading branch information
@frezbo
frezbo authored Nov 4, 2024
1 parent f626137 commit 1df86e7
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Changed

- Fix panic in `parseSockaddr` for malformed socket address. [#152](https://github.com/elastic/go-libaudit/pull/152)
- Set `SOCK_CLOEXEC` when creating the netlink socket to avoid leaking file descriptors. [#165](https://github.com/elastic/go-libaudit/pull/165)

### Removed

Expand Down
2 changes: 1 addition & 1 deletion netlink.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -77,7 +77,7 @@ type NetlinkClient struct {
//
// The returned NetlinkClient must be closed with Close() when finished.
func NewNetlinkClient(proto int, groups uint32, readBuf []byte, resp io.Writer) (*NetlinkClient, error) {
s, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, proto)
s, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW|syscall.SOCK_CLOEXEC, proto)
if err != nil {
return nil, err
}
Expand Down

0 comments on commit 1df86e7

Please sign in to comment.