On Wed, 2012-03-21 at 13:40 -0700, Maciej Żenczykowski wrote:
> But that's a kernel feature, and I don't think we can rely on it being
> present in iptables userspace (it has to be backwards compatible to
> IMHO at least back to 2.6.9 if at all possible),
> and adding the "try with flag, if fails, retry without flag and
> manually set it" logic seems overkill.
>
> I think such details only matter for multithreaded programs with exec races.
> Which I don't believe to be the case here.

True, but CLOEXEC on iptables... I mean... how is it mandatory?
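
The "try with flag, if fails, retry without flag and manually set it" logic quoted above, written out as an added C example that is not part of this email or of the iptables source. The helper names `socket_cloexec` and `fd_is_cloexec` are hypothetical, and it is an assumption that the descriptor in question is a socket.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper, not iptables code: returns a socket with
 * close-on-exec set, or -1 with errno set. */
int socket_cloexec(int domain, int type, int protocol)
{
    int fd, flags, saved;

#ifdef SOCK_CLOEXEC
    /* Atomic path: the flag is applied at creation (Linux 2.6.27+). */
    fd = socket(domain, type | SOCK_CLOEXEC, protocol);
    if (fd >= 0 || errno != EINVAL)
        return fd;
    /* EINVAL: an older kernel rejected the extra type bit; fall through. */
#endif
    fd = socket(domain, type, protocol);
    if (fd < 0)
        return -1;
    /* Non-atomic window: a fork+exec in another thread between socket()
     * and F_SETFD inherits fd. A single-threaded program has no such race. */
    flags = fcntl(fd, F_GETFD);
    if (flags < 0 || fcntl(fd, F_SETFD, flags | FD_CLOEXEC) < 0) {
        saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

/* Returns 1 if close-on-exec is set on fd, 0 if not, -1 on error. */
int fd_is_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    return flags < 0 ? -1 : (flags & FD_CLOEXEC) != 0;
}

int main(void)
{
    /* AF_UNIX is a constructed stand-in so the demo needs no privileges. */
    int fd = socket_cloexec(AF_UNIX, SOCK_STREAM, 0);
    printf("fd=%d cloexec=%d\n", fd, fd_is_cloexec(fd));
    if (fd >= 0)
        close(fd);
    return fd < 0;
}
```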