int dont_close[n_fds + 3];
uid_t uid = (uid_t) -1;
gid_t gid = (gid_t) -1;
- sigset_t ss;
int i, err;
/* child */
if (context->ignore_sigpipe)
ignore_signals(SIGPIPE, -1);
- assert_se(sigemptyset(&ss) == 0);
- if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) {
- err = -errno;
+ err = reset_signal_mask();
+ if (err < 0) {
r = EXIT_SIGNAL_MASK;
goto fail_child;
}
}
/* We repeat the fd closing here, to make sure that
- * nothing is leaked from the PAM modules */
+ * nothing is leaked from the PAM modules. Note that
+ * we are more aggressive this time since socket_fd
+ * and the netns fds we don#t need anymore. */
err = close_all_fds(fds, n_fds);
if (err >= 0)
err = shift_fds(fds, n_fds);