commit 1b9031f1fccde6f61363328c6efebf045dd97dec
from: Omar Polo <op@omarpolo.com>
date: Tue Jun 13 10:59:46 2023 UTC

work around missing SOCK_NONBLOCK/CLOEXEC on macos

commit - 94893746ae158901a4896039a0c0dc29ca008d54
commit + 1b9031f1fccde6f61363328c6efebf045dd97dec
blob - 171a58e15dca3bd197db1b531ac2362735fd7be2
blob + b9e45f082c4569f45b3ac34aede87d108efc8369
--- proc.c
+++ proc.c
@@ -238,9 +238,15 @@ proc_init(struct privsep *ps, struct privsep_proc *pro
 				pa = &ps->ps_pipes[PROC_PARENT][0];
 				pb = &ps->ps_pipes[dst][proc];
 				if (socketpair(AF_UNIX,
-				    SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC,
+				    SOCK_STREAM,
 				    PF_UNSPEC, fds) == -1)
 					fatal("%s: socketpair", __func__);
+
+				mark_nonblock(fds[0]);
+				mark_nonblock(fds[1]);
+				if (fcntl(fds[0], F_SETFD, FD_CLOEXEC) == -1 ||
+				    fcntl(fds[1], F_SETFD, FD_CLOEXEC) == -1)
+					fatal("%s: fcntl F_SETFD", __func__);
 
 				pa->pp_pipes[dst][proc] = fds[0];
 				pb->pp_pipes[PROC_PARENT][0] = fds[1];
@@ -432,9 +438,15 @@ proc_open(struct privsep *ps, int src, int dst)
 			pa = &ps->ps_pipes[src][i];
 			pb = &ps->ps_pipes[dst][j];
 			if (socketpair(AF_UNIX,
-			    SOCK_STREAM | SOCK_NONBLOCK | SOCK_CLOEXEC,
+			    SOCK_STREAM,
 			    PF_UNSPEC, fds) == -1)
 				fatal("%s: socketpair", __func__);
+
+			mark_nonblock(fds[0]);
+			mark_nonblock(fds[1]);
+			if (fcntl(fds[0], F_SETFD, FD_CLOEXEC) == -1 ||
+			    fcntl(fds[1], F_SETFD, FD_CLOEXEC) == -1)
+				fatal("%s: fcntl F_SETFD", __func__);
 
 			pa->pp_pipes[dst][j] = fds[0];
 			pb->pp_pipes[src][i] = fds[1];