On Fri, Oct 25, 2024 at 02:08:11PM +0200, Stefano Brivio wrote:In pcap_init(), we open the packet capture file with O_CLOEXEC only when possible. In logfile_init() and pidfile_open(), the fact that we pass a third 'mode' argument to open() seems to confuse the android-cloexec-open checker in LLVM versions from 16 to 19 (at least). The checker is suggesting to add O_CLOEXEC to 'mode', and not in 'flags', where we already have it. Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com> --- log.c | 4 ++++ pcap.c | 1 + util.c | 4 ++++ 3 files changed, 9 insertions(+) diff --git a/log.c b/log.c index 6932885..154466f 100644 --- a/log.c +++ b/log.c @@ -416,7 +416,11 @@ void logfile_init(const char *name, const char *path, size_t size) if (readlink("/proc/self/exe", exe, PATH_MAX - 1) < 0) die_perror("Failed to read own /proc/self/exe link"); + /* We use O_CLOEXEC here, but clang-tidy as of LLVM 16 to 19 looks for + * it in the 'mode' argument if we have one, so... + */ log_file = open(path, O_CREAT | O_TRUNC | O_APPEND | O_RDWR | O_CLOEXEC, + /* NOLINTNEXTLINE(android-cloexec-open) */ S_IRUSR | S_IWUSR); if (log_file == -1) die_perror("Couldn't open log file %s", path); diff --git a/pcap.c b/pcap.c index 6ee6cdf..6753cfb 100644 --- a/pcap.c +++ b/pcap.c @@ -167,6 +167,7 @@ void pcap_init(struct ctx *c) return; flags |= c->foreground ? O_CLOEXEC : 0; + /* NOLINTNEXTLINE(android-cloexec-open): ...only where possible */Hmm... why do we need the conditional on c->foreground? It's close-on-exec(), not close-on-fork() or close-on-daemonize().pcap_fd = open(c->pcap, flags, S_IRUSR | S_IWUSR); if (pcap_fd == -1) { perror("open"); diff --git a/util.c b/util.c index 9cb705e..75aee81 100644 --- a/util.c +++ b/util.c @@ -419,7 +419,11 @@ int pidfile_open(const char *path) if (!*path) return -1; + /* We use O_CLOEXEC here, but clang-tidy as of LLVM 16 to 19 looks for + * it in the 'mode' argument if we have one + */ if ((fd = open(path, O_CREAT | O_TRUNC | O_WRONLY | O_CLOEXEC, + /* NOLINTNEXTLINE(android-cloexec-open) */ S_IRUSR | S_IWUSR)) < 0) { perror("PID file open"); exit(EXIT_FAILURE);-- David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson