session: Make sure to mark the socket as CLOEXEC early

2026-03-25 17:13:08 +01:00 · 2026-03-25 17:13:08 +01:00 · 769ca13647
commit 769ca13647
parent 4df95190db
2 changed files with 22 additions and 11 deletions
--- a/src/lib.rs
+++ b/src/lib.rs
@ -73,7 +73,7 @@ impl State {

            // potentially tell the session we are setup now
            if let Err(err) =
-                session::setup_socket(self.common.event_loop_handle.clone(), &self.common)
+                session::run_socket(self.common.event_loop_handle.clone(), &self.common)
            {
                warn!(?err, "Failed to setup cosmic-session communication");
            }
@ -147,6 +147,11 @@ pub fn run(hooks: crate::hooks::Hooks) -> Result<(), Box<dyn Error>> {
    tracy_client::Client::start();

    utils::rlimit::increase_nofile_limit();
+    // This needs to be done before any potential program launches
+    // (e.g. Xwayland) as it handles passed file descriptors.
+    if let Err(err) = session::setup_socket() {
+        warn!("Session error: {:?}", err);
+    };

    // init hook globals
    hooks::HOOKS.set(hooks)
--- a/src/session.rs
+++ b/src/session.rs
@ -72,18 +72,24 @@ pub fn get_env(common: &Common) -> Result<HashMap<String, String>> {
    Ok(env)
 }

-pub fn setup_socket(handle: LoopHandle<State>, common: &Common) -> Result<()> {
+pub fn setup_socket() -> Result<()> {
+    if let Ok(fd_num) = std::env::var("COSMIC_SESSION_SOCK")
+        && let Ok(fd) = fd_num.parse::<RawFd>()
+    {
+        let res = unsafe { set_cloexec(fd) }.with_context(|| "Failed to setup session socket");
+        if res.is_err() {
+            unsafe { rustix::io::close(fd) };
+        }
+        res
+    } else {
+        Ok(())
+    }
+}
+
+pub fn run_socket(handle: LoopHandle<State>, common: &Common) -> Result<()> {
    if let Ok(fd_num) = std::env::var("COSMIC_SESSION_SOCK") {
        if let Ok(fd) = fd_num.parse::<RawFd>() {
-            let mut session_socket = match unsafe { set_cloexec(fd) } {
-                // CLOEXEC worked and we can startup with session IPC
-                Ok(_) => unsafe { UnixStream::from_raw_fd(fd) },
-                // CLOEXEC didn't work, something is wrong with the fd, just close it
-                Err(err) => {
-                    unsafe { rustix::io::close(fd) };
-                    return Err(err).with_context(|| "Failed to setup session socket");
-                }
-            };
+            let mut session_socket = unsafe { UnixStream::from_raw_fd(fd) };

            let env = get_env(common)?;
            let message = serde_json::to_string(&Message::SetEnv { variables: env })