The write end of the pipe is closed when envs are written, therefore it
make sense to close read end as well after envs are read. This prevents
fd leaking to the app.
Signed-off-by: Petr Vaněk <arka...@atlas.cz>
---
src/tls/s6tls_sync_and_exec_app.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/tls/s6tls_sync_and_exec_app.c
b/src/tls/s6tls_sync_and_exec_app.c
index 5c0180c..145092d 100644
--- a/src/tls/s6tls_sync_and_exec_app.c
+++ b/src/tls/s6tls_sync_and_exec_app.c
@@ -19,6 +19,7 @@ void s6tls_sync_and_exec_app (char const *const *argv, int
const p[4][2], pid_t
if (fd_move(p[3][0], p[1][0]) < 0 || fd_move(p[3][1], p[0][1]) < 0)
strerr_diefu1sys(111, "move file descriptors") ;
r = read(p[2][0], buf, MAXENVSIZE) ;
+ close(p[2][0]) ;
if (r < 0) strerr_diefu1sys(111, "read from handshake notification pipe") ;
if (!r)
{
--
2.35.1
