apparmor: use fopen_cloexec

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
lxc · Jul 25, 2018 · 7e556d1 · 7e556d1
1 parent c68d5b0
commit 7e556d1
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
@@ -32,6 +32,7 @@
 #include "lsm.h"
 #include "conf.h"
 #include "utils.h"
+#include "initutils.h"
 
 lxc_log_define(apparmor, lsm);
 
@@ -68,7 +69,7 @@ static int apparmor_enabled(void)
 	char e;
 	int ret;
 
-	fin = fopen(AA_ENABLED_FILE, "r");
+	fin = fopen_cloexec(AA_ENABLED_FILE, "r");
 	if (!fin)
 		return 0;
 	ret = fscanf(fin, "%c", &e);
@@ -95,7 +96,7 @@ static char *apparmor_process_label_get(pid_t pid)
 		return NULL;
 	}
 again:
-	f = fopen(path, "r");
+	f = fopen_cloexec(path, "r");
 	if (!f) {
 		SYSERROR("opening %s", path);
 		free(buf);