diff --git a/src/lib_base/unix/file_descriptor_sink.ml b/src/lib_base/unix/file_descriptor_sink.ml index 6cae731244b2ef7cf1003e90bd907efe2e4f2992..fcb63c38b4f11f61f423f3cb1e360fd6f3dc9abc 100644 --- a/src/lib_base/unix/file_descriptor_sink.ml +++ b/src/lib_base/unix/file_descriptor_sink.ml @@ -480,7 +480,7 @@ end) : Internal_event.SINK with type t = t = struct Lwt_result.ok @@ Lwt_unix.( let flags = - [O_WRONLY; O_CREAT] + [O_WRONLY; O_CREAT; O_CLOEXEC] @ if fresh then [O_TRUNC] else [O_APPEND] in let*! fd = openfile fixed_path flags rights in @@ -566,7 +566,7 @@ end) : Internal_event.SINK with type t = t = struct protect (fun () -> Lwt_result.ok @@ Lwt_unix.( - let flags = [O_WRONLY; O_CREAT; O_APPEND] in + let flags = [O_WRONLY; O_CREAT; O_APPEND; O_CLOEXEC] in openfile path flags rights)) in current := {fd; day = today} ; diff --git a/src/lib_base/unix/syslog.ml b/src/lib_base/unix/syslog.ml index 69c6aeffe18764f963457715c1e3188c1535f8be..94c70d0457bf9d1a7cb17280621a1ca3a798647c 100644 --- a/src/lib_base/unix/syslog.ml +++ b/src/lib_base/unix/syslog.ml @@ -169,9 +169,9 @@ let open_fd path = | Unix.S_SOCK -> let logaddr = Unix.ADDR_UNIX path in let fd = - try Lwt_unix.socket Unix.PF_UNIX SOCK_DGRAM 0 + try Lwt_unix.socket ~cloexec:true Unix.PF_UNIX SOCK_DGRAM 0 with Unix.Unix_error (Unix.EPROTOTYPE, _, _) -> - Lwt_unix.socket Unix.PF_UNIX SOCK_STREAM 0 + Lwt_unix.socket ~cloexec:true Unix.PF_UNIX SOCK_STREAM 0 in let* () = Lwt.catch @@ -188,7 +188,7 @@ let open_fd path = | exn -> raise exn) in Lwt.return fd - | Unix.S_FIFO -> Lwt_unix.openfile path [Unix.O_WRONLY] 0o666 + | Unix.S_FIFO -> Lwt_unix.openfile path [Unix.O_WRONLY; O_CLOEXEC] 0o666 | _ -> raise (Syslog_error "invalid log path, not a socket or pipe") (* Write the whole contents of a string on the given file