On Wed, 4 Aug 2021 12:22:24 GMT, Thomas Stuefe <stu...@openjdk.org> wrote:
> We should not leak the handle to the jimage file (lib/modules) to childs. > > JDK-8194734 did solve this for windows. We should use FD_CLOEXEC on Posix as > well. > > Note that this only poses a problem when a child process is spawned off not > via `Runtime.exec` but via another route since the spawnhelper closes all > file descriptors. > > --- > test: > > manually verified that lib/modules now has the FD_CLOEXEC flag set. src/java.base/unix/native/libjimage/osSupport_unix.cpp line 41: > 39: */ > 40: jint osSupport::openReadOnly(const char *path) { > 41: return ::open(path, O_CLOEXEC); This is okay but I think it would be useful to know why this one place needs O_CLOEXEC and not others. ------------- PR: https://git.openjdk.java.net/jdk/pull/4991