Open LOG_LOCK file with FD_CLOEXEC to prevent file descriptor leakage
Fixes #5399
This commit is contained in:
parent
bbda98a3ee
commit
3f90020d62
1 changed files with 10 additions and 3 deletions
|
@ -74,12 +74,19 @@ def get_cowsay_info():
|
||||||
cowsay, noncow = get_cowsay_info()
|
cowsay, noncow = get_cowsay_info()
|
||||||
|
|
||||||
def log_lockfile():
|
def log_lockfile():
|
||||||
|
# create the path for the lockfile and open it
|
||||||
tempdir = tempfile.gettempdir()
|
tempdir = tempfile.gettempdir()
|
||||||
uid = os.getuid()
|
uid = os.getuid()
|
||||||
path = os.path.join(tempdir, ".ansible-lock.%s" % uid)
|
path = os.path.join(tempdir, ".ansible-lock.%s" % uid)
|
||||||
return path
|
lockfile = open(path, 'w')
|
||||||
|
# use fcntl to set FD_CLOEXEC on the file descriptor,
|
||||||
|
# so that we don't leak the file descriptor later
|
||||||
|
lockfile_fd = lockfile.fileno()
|
||||||
|
old_flags = fcntl.fcntl(lockfile_fd, fcntl.F_GETFD)
|
||||||
|
fcntl.fcntl(lockfile_fd, fcntl.F_SETFD, old_flags | fcntl.FD_CLOEXEC)
|
||||||
|
return lockfile
|
||||||
|
|
||||||
LOG_LOCK = open(log_lockfile(), 'w')
|
LOG_LOCK = log_lockfile()
|
||||||
|
|
||||||
def log_flock(runner):
|
def log_flock(runner):
|
||||||
if runner is not None:
|
if runner is not None:
|
||||||
|
|
Loading…
Reference in a new issue