Add various APIs that set the close-on-exec flag atomically with allocating a file descriptor. These can be used to avoid undesirably passing file descriptors to child processes if threads or signal handlers call fork and exec. Some existing software will use the new features if present or will even refuse to compile without them.

A few are already in POSIX.1-2008. Many are proposed in http://austingroupbugs.net/view.php?id=411 (enough for all POSIX functionality). A few more are in glibc, which appears to have a complete implementation, summarized in http://udrepper.livejournal.com/20407.html. Solaris 11 added one new API but does not appear to have a particularly complete implementation of the rest. NetBSD has a fairly complete implementation but no accept4().

Some of the new APIs also allow enabling non-blocking mode with a flag.

The release column indicates which releases have or will have the feature. Subsequent minor releases of the same major version (branch) will also have the feature, and if a .0 release has the feature, later branches will also have the feature.

New API

Defined by

Done?

Release

open() O_CLOEXEC

POSIX.1-2008

yes

8.3, 9.0

posix_openpt() O_CLOEXEC

Austin group #411

yes

9.2, 10.0

fopen() 'e' mode

Austin group #411

yes

9.3, 10.0

freopen() 'e' mode

Austin group #411

yes

9.3, 10.0

fcntl() F_DUPFD_CLOEXEC

POSIX.1-2008

yes

8.4, 9.2, 10.0

fcntl() F_DUP2FD_CLOEXEC

Solaris 11

yes

8.4, 9.2, 10.0

dup3()

Austin group #411

yes

10.0

posix_spawn_file_actions_adddup2() can clear FD_CLOEXEC

Austin group #411

yes

8.0

pipe2()

Austin group #411

yes

10.0

popen() 'e' mode

Austin group #411

yes

10.0

socket() SOCK_CLOEXEC and SOCK_NONBLOCK

Austin group #411

yes

10.0

socketpair() SOCK_CLOEXEC and SOCK_NONBLOCK

Austin group #411

yes

10.0

recvmsg() MSG_CMSG_CLOEXEC

Austin group #411

yes

10.0

accept4()

Austin group #411

yes

10.0

mkostemp()

Austin group #411

yes

10.0

mkostemps()

glibc

yes

10.0

kqueue1()

NetBSD

no

extension for sctp_peeloff()

noone

no

extension for /dev/crypto

noone

no

There is no new API for dup() and tmpfile(). Code based on fcntl(F_DUPFD_CLOEXEC) and mkostemp() should be used instead.

The related http://austingroupbugs.net/view.php?id=368 basically requires that libc uses these new APIs for internal file descriptors. This is partially done.

AtomicCloseOnExec (last edited 2013-11-03 19:37:47 by JillesTjoelker)