From 458d79b61abb1a9ad36ce4868cf248ddb21c80a7 Mon Sep 17 00:00:00 2001
From: Ralf Haferkamp <rhafer@suse.de>
Date: Tue, 24 Jan 2017 12:08:46 +0100
Subject: [PATCH] [daemon] Close inherited filedescriptors after forking

We don't want to keep listening on the parent's sockets (e.g. when
started by neutron-openvswitch agent) after forking the rootwrap
daemon.

Closes-Bug: #1658973
Change-Id: I3e364e9d3ad4e2fcd6f4d8f52f847ec9fa944572
---
 oslo_rootwrap/client.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/oslo_rootwrap/client.py b/oslo_rootwrap/client.py
index dec161e..b19d97f 100644
--- a/oslo_rootwrap/client.py
+++ b/oslo_rootwrap/client.py
@@ -62,7 +62,8 @@ class Client(object):
         process_obj = subprocess.Popen(self._start_command,
                                        stdin=subprocess.PIPE,
                                        stdout=subprocess.PIPE,
-                                       stderr=subprocess.PIPE)
+                                       stderr=subprocess.PIPE,
+                                       close_fds=True)
         LOG.debug("Popen for %s command has been instantiated",
                   self._start_command)