From e3a6639e270157c4fdc4112a6996c9e7d74acedd Mon Sep 17 00:00:00 2001
From: Eric Wong <normalperson@yhbt.net>
Date: Wed, 1 Apr 2009 11:32:47 -0700
Subject: All IOs created in workers have FD_CLOEXEC set

Prevent subtle leaks here, too.
---
 lib/unicorn.rb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lib/unicorn.rb b/lib/unicorn.rb
index 3bdbb3a..00012f7 100644
--- a/lib/unicorn.rb
+++ b/lib/unicorn.rb
@@ -429,6 +429,7 @@ module Unicorn
       @listeners.each { |sock| sock.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC) }
       ENV.delete('UNICORN_FD')
       @after_fork.call(self, worker.nr) if @after_fork
+      worker.tempfile.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
       @request = HttpRequest.new(logger)
     end
 
@@ -448,6 +449,8 @@ module Unicorn
         @listeners.each { |sock| sock.close rescue nil } # break IO.select
       end
       reopen_logs, (rd, wr) = false, IO.pipe
+      rd.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
+      wr.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
       trap(:USR1) { reopen_logs = true; rd.close rescue nil } # break IO.select
       @logger.info "worker=#{worker.nr} ready"
 
@@ -459,6 +462,8 @@ module Unicorn
           @logger.info "worker=#{worker.nr} done rotating logs"
           wr.close rescue nil
           rd, wr = IO.pipe
+          rd.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
+          wr.fcntl(Fcntl::F_SETFD, Fcntl::FD_CLOEXEC)
         end
         # we're a goner in @timeout seconds anyways if tempfile.chmod
         # breaks, so don't trap the exception.  Using fchmod() since
-- 
cgit v1.2.3-24-ge0c7