cmueller/ansible
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Open LOG_LOCK file with FD_CLOEXEC to prevent file descriptor leakage

Browse source 
Fixes #5399
This commit is contained in:
James Cammarata 2014-02-10 15:51:52 -06:00
parent bbda98a3ee
commit 3f90020d62
1 changed files with 10 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
lib/ansible/callbacks.py
View file

@ -74,12 +74,19 @@ def get_cowsay_info():
cowsay, noncow = get_cowsay_info() cowsay, noncow = get_cowsay_info()
def log_lockfile(): def log_lockfile():
# create the path for the lockfile and open it
tempdir = tempfile.gettempdir() tempdir = tempfile.gettempdir()
uid = os.getuid() uid = os.getuid()
path = os.path.join(tempdir, ".ansible-lock.%s" % uid) path = os.path.join(tempdir, ".ansible-lock.%s" % uid)
return path lockfile = open(path, 'w')
# use fcntl to set FD_CLOEXEC on the file descriptor,
LOG_LOCK = open(log_lockfile(), 'w') # so that we don't leak the file descriptor later
lockfile_fd = lockfile.fileno()
old_flags = fcntl.fcntl(lockfile_fd, fcntl.F_GETFD)
fcntl.fcntl(lockfile_fd, fcntl.F_SETFD, old_flags | fcntl.FD_CLOEXEC)
return lockfile
LOG_LOCK = log_lockfile()
def log_flock(runner): def log_flock(runner):
if runner is not None: if runner is not None: