tpm2-setup: two fixes for tmpfile handling (systemd#36521)

jamlee-t · Feb 26, 2025 · 9d0df66 · 9d0df66
2 parents d5de148 + d10d5a0
commit 9d0df66
Showing 1 changed file with 2 additions and 10 deletions.
diff --git a/src/tpm2-setup/tpm2-setup.c b/src/tpm2-setup/tpm2-setup.c
@@ -338,7 +338,7 @@ static int run(int argc, char *argv[]) {
         /* Write out public key (note that we only do that as a help to the user, we don't make use of this ever */
         _cleanup_(unlink_and_freep) char *t = NULL;
         _cleanup_fclose_ FILE *f = NULL;
-        r = fopen_tmpfile_linkable(pem_path, O_WRONLY, &t, &f);
+        r = fopen_tmpfile_linkable(pem_path, O_WRONLY|O_CLOEXEC, &t, &f);
         if (r < 0)
                 return log_error_errno(r, "Failed to open SRK public key file '%s' for writing: %m", pem_path);
 
@@ -348,10 +348,6 @@ static int run(int argc, char *argv[]) {
         if (fchmod(fileno(f), 0444) < 0)
                 return log_error_errno(errno, "Failed to adjust access mode of SRK public key file '%s' to 0444: %m", pem_path);
 
-        r = fflush_and_check(f);
-        if (r < 0)
-                return log_error_errno(r, "Failed to sync SRK key to disk: %m");
-
         r = flink_tmpfile(f, t, pem_path, LINK_TMPFILE_SYNC|LINK_TMPFILE_REPLACE);
         if (r < 0)
                 return log_error_errno(r, "Failed to move SRK public key file to '%s': %m", pem_path);
@@ -365,7 +361,7 @@ static int run(int argc, char *argv[]) {
         (void) mkdir_parents(tpm2b_public_path, 0755);
 
         /* Now also write this out in TPM2B_PUBLIC format */
-        r = fopen_tmpfile_linkable(tpm2b_public_path, O_WRONLY, &t, &f);
+        r = fopen_tmpfile_linkable(tpm2b_public_path, O_WRONLY|O_CLOEXEC, &t, &f);
         if (r < 0)
                 return log_error_errno(r, "Failed to open SRK public key file '%s' for writing: %m", tpm2b_public_path);
 
@@ -382,10 +378,6 @@ static int run(int argc, char *argv[]) {
         if (fchmod(fileno(f), 0444) < 0)
                 return log_error_errno(errno, "Failed to adjust access mode of SRK public key file '%s' to 0444: %m", tpm2b_public_path);
 
-        r = fflush_and_check(f);
-        if (r < 0)
-                return log_error_errno(r, "Failed to sync SRK key to disk: %m");
-
         r = flink_tmpfile(f, t, tpm2b_public_path, LINK_TMPFILE_SYNC|LINK_TMPFILE_REPLACE);
         if (r < 0)
                 return log_error_errno(r, "Failed to move SRK public key file to '%s': %m", tpm2b_public_path);