From 57c61f39a0bf0b2e40f58719893a798189f6634f Mon Sep 17 00:00:00 2001
From: teor <teor2345@gmail.com>
Date: Wed, 8 Jul 2015 02:17:31 +1000
Subject: [PATCH] Always use the sandbox in tor_open_cloexec

Use the sandbox in tor_open_cloexec, whether or not O_CLOEXEC is defined.
Patch by "teor". Fix on 0.2.3.1-alpha.
---
 changes/bug16515-sandbox-cloexec | 3 +++
 src/common/compat.c              | 3 +--
 2 files changed, 4 insertions(+), 2 deletions(-)
 create mode 100644 changes/bug16515-sandbox-cloexec

diff --git a/changes/bug16515-sandbox-cloexec b/changes/bug16515-sandbox-cloexec
new file mode 100644
index 0000000000..2130f85911
--- /dev/null
+++ b/changes/bug16515-sandbox-cloexec
@@ -0,0 +1,3 @@
+  o Minor fixes (sandbox, files):
+    - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is defined.
+      Patch by "teor". Fix on 0.2.3.1-alpha.
diff --git a/src/common/compat.c b/src/common/compat.c
index 7e50729c01..68544c8bd5 100644
--- a/src/common/compat.c
+++ b/src/common/compat.c
@@ -150,9 +150,8 @@ int
 tor_open_cloexec(const char *path, int flags, unsigned mode)
 {
   int fd;
-  const char *p = path;
+  const char *p = sandbox_intern_string(path);
 #ifdef O_CLOEXEC
-  p = sandbox_intern_string(path);
   fd = open(p, flags|O_CLOEXEC, mode);
   if (fd >= 0)
     return fd;