Do not leak outside root dir fd into the child.

Also adds O_CLOEXEC to all open calls to be on the safe side.  In the
future, we should look into doing some sanity checks before execve like
Chromium's sandbox does:
https://code.google.com/p/chromium/codesearch#chromium/src/sandbox/linux/services/credentials.cc&l=320

If we want to further prevent people from shooting themselves in the
foot, we could also check that no fds are open, except for duping
/dev/null over 0, 1, and 2.

TEST=Built and tested that an fd to / is not leaked.

Bug: None
Change-Id: I41993a6aec9ce48bd34d191c3949f313ba80ca73
1 file changed