From a3613d239b9ce02970851e59089afd4db21091a4 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Mon, 25 Nov 2024 08:43:25 +0100
Subject: [PATCH] BUILD: init: use the more portable FD_CLOEXEC for /dev/null

In 3.1-dev10, commit 8dd4efe42f ("MAJOR: mworker: move master-worker
fork in init()"), the FD associated to /dev/null was made CLOEXEC
using O_CLOEXEC. Unfortunately this is not portable on older OSes,
doesn't build on Solaris for example, and was even reported as breaking
moderately old Linux OSes for other projects. Better not use it unless
absolutely certain it will work (currently we only use it for Linux
namespaces, which are optional), and use the conventional FD_CLOEXEC
instead.

No backport is needed.
---
 src/haproxy.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/haproxy.c b/src/haproxy.c
index 4fbead400aecc..a3a36bbb1a75e 100644
--- a/src/haproxy.c
+++ b/src/haproxy.c
@@ -3920,11 +3920,16 @@ int main(int argc, char **argv)
 
 	/* End of initialization for standalone and worker modes */
 	if (!(global.mode & MODE_QUIET) || (global.mode & MODE_VERBOSE)) {
-		devnullfd = open("/dev/null", (O_RDWR | O_CLOEXEC), 0);
+		devnullfd = open("/dev/null", O_RDWR, 0);
 		if (devnullfd < 0) {
 			ha_alert("Cannot open /dev/null\n");
 			exit(EXIT_FAILURE);
 		}
+		if (fcntl(devnullfd, FD_CLOEXEC) != 0) {
+			ha_alert("Cannot make /dev/null CLOEXEC\n");
+			close(devnullfd);
+			exit(EXIT_FAILURE);
+		}
 	}
 
         /* applies the renice value in the worker or standalone after configuration parsing