Add various APIs that set the close-on-exec flag atomically with allocating a file descriptor. These can be used to avoid undesirably passing file descriptors to child processes if threads or signal handlers call fork and exec. Some existing software will use the new features if present or will even refuse to compile without them.
A few are already in POSIX.1-2008. Many are proposed in http://austingroupbugs.net/view.php?id=411 (enough for all POSIX functionality). A few more are in glibc, which appears to have a complete implementation, summarized in http://udrepper.livejournal.com/20407.html. Solaris 11 added one new API but does not appear to have a particularly complete implementation of the rest. NetBSD has a fairly complete implementation but no accept4().
Some of the new APIs also allow enabling non-blocking mode with a flag.
The release column indicates which releases have or will have the feature. Subsequent minor releases of the same major version (branch) will also have the feature, and if a .0 release has the feature, later branches will also have the feature.
New API |
Defined by |
Done? |
Release |
open() O_CLOEXEC |
POSIX.1-2008 |
yes |
8.3, 9.0 |
posix_openpt() O_CLOEXEC |
Austin group #411 |
yes |
9.2, 10.0 |
fopen() 'e' mode |
Austin group #411 |
yes |
9.3, 10.0 |
freopen() 'e' mode |
Austin group #411 |
yes |
9.3, 10.0 |
fcntl() F_DUPFD_CLOEXEC |
POSIX.1-2008 |
yes |
8.4, 9.2, 10.0 |
fcntl() F_DUP2FD_CLOEXEC |
Solaris 11 |
yes |
8.4, 9.2, 10.0 |
dup3() |
Austin group #411 |
yes |
10.0 |
posix_spawn_file_actions_adddup2() can clear FD_CLOEXEC |
Austin group #411 |
yes |
8.0 |
pipe2() |
Austin group #411 |
yes |
10.0 |
popen() 'e' mode |
Austin group #411 |
yes |
10.0 |
socket() SOCK_CLOEXEC and SOCK_NONBLOCK |
Austin group #411 |
yes |
10.0 |
socketpair() SOCK_CLOEXEC and SOCK_NONBLOCK |
Austin group #411 |
yes |
10.0 |
recvmsg() MSG_CMSG_CLOEXEC |
Austin group #411 |
yes |
10.0 |
accept4() |
Austin group #411 |
yes |
10.0 |
mkostemp() |
Austin group #411 |
yes |
10.0 |
mkostemps() |
glibc |
yes |
10.0 |
kqueue1() |
NetBSD |
no |
|
extension for sctp_peeloff() |
noone |
no |
|
extension for /dev/crypto |
noone |
no |
There is no new API for dup() and tmpfile(). Code based on fcntl(F_DUPFD_CLOEXEC) and mkostemp() should be used instead.
The related http://austingroupbugs.net/view.php?id=368 basically requires that libc uses these new APIs for internal file descriptors. This is partially done.