On Thu, May 04, 2023 at 09:58:49AM +0100, Robert Swindells wrote:
>
> David Holland <dholland-t...@netbsd.org> wrote:
> >On Sun, Apr 30, 2023 at 09:44:49AM -0400, Mouse wrote:
> > > > Close-on-fork is apparently either coming or already here, not sure
> > > > which, but it's also per-descriptor.
> > >
> > > I should probably add that here, then, though use cases will likely be
> > > rare. I can think of only one program I wrote where it'd be useful; I
> > > created a "close these fds post-fork" data structure internally.
> >
> >I can't think of any at all; to begin with it's limited to forks that
> >don't exec, and unless just using it for convenience as you're
> >probably suggesting, it only applies when also using threads, and if
> >one's using threads why is one also using forks? So it seems like it's
> >limited to badly designed libraries that want to fork behind the
> >caller's back instead of setting up their forks at initialization
> >time. Or something.
>
> Or it is needed for a little used application called Firefox.

For a sandbox, something like closefrom is actually much preferred as you
don't know what else has opened file descriptors. I really question the
sanity of close-on-fork...

Joerg
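
The contrast drawn above between per-descriptor flags and a closefrom-style sweep, as an added example that is not part of the thread: a descriptor opened with no flag at all survives a fork, while sweeping everything from 3 upward in the child removes it without the sandbox code ever knowing its number. `close_from` and `child_sees_stray_fd` are hypothetical names, the `/dev/null` descriptor is a constructed stand-in for one opened by other code, and `close_from` is a stand-in written for systems whose libc lacks `closefrom(3)`.

```c
/* Added example, not from the thread: stray fd vs. a closefrom-style sweep. */
#include <dirent.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for closefrom(3). Assumption: /dev/fd lists this process's
 * descriptors; if it is missing, try every possible descriptor number. */
static void close_from(int lowfd) {
    DIR *d = opendir("/dev/fd");
    if (d == NULL) {
        long max = sysconf(_SC_OPEN_MAX);
        for (long fd = lowfd; fd < max; fd++)
            close((int)fd);
        return;
    }
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        int fd = atoi(e->d_name);
        if (e->d_name[0] != '.' && fd >= lowfd && fd != dirfd(d))
            close(fd);
    }
    closedir(d);
}

/* Returns 1 if a descriptor opened with no per-descriptor flag is still
 * open in the forked child, 0 if it is closed there, -1 on error. */
int child_sees_stray_fd(int sweep) {
    int stray = open("/dev/null", O_RDONLY); /* constructed: "someone else's" fd */
    if (stray < 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(stray); return -1; }
    if (pid == 0) {
        if (sweep) close_from(3);           /* keep only stdin/stdout/stderr */
        _exit(fcntl(stray, F_GETFD) != -1); /* exit status 1 = still open */
    }
    close(stray);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("no sweep: %d\n", child_sees_stray_fd(0));
    printf("sweep: %d\n", child_sees_stray_fd(1));
    return 0;
}
```

In a multithreaded parent, `opendir()` after `fork()` is not async-signal-safe, so use the libc's own `closefrom(3)` where it exists.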