From 69e202df88c636deec45430ba24f7be013cb8205 Mon Sep 17 00:00:00 2001
From: Noel Georgi
Date: Fri, 1 Nov 2024 23:02:51 +0530
Subject: [PATCH 1/2] chore: set `SOCK_CLOEXEC` on socket

Set `SOCK_CLOEXEC` when creating the socket to avoid leaking file descriptors.

Signed-off-by: Noel Georgi
---
 netlink.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/netlink.go b/netlink.go
index 932b16f..03302c5 100644
--- a/netlink.go
+++ b/netlink.go
@@ -77,7 +77,7 @@ type NetlinkClient struct {
 //
 // The returned NetlinkClient must be closed with Close() when finished.
 func NewNetlinkClient(proto int, groups uint32, readBuf []byte, resp io.Writer) (*NetlinkClient, error) {
- s, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW, proto)
+ s, err := syscall.Socket(syscall.AF_NETLINK, syscall.SOCK_RAW|syscall.SOCK_CLOEXEC, proto)
 if err != nil {
 return nil, err
 }

From 08f8a975440972c406da682ccbfe04651e0cfe54 Mon Sep 17 00:00:00 2001
From: Andrew Kroh
Date: Mon, 4 Nov 2024 10:28:54 -0500
Subject: [PATCH 2/2] Add changelog entry

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index b8b88c8..81fbcbc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 ### Changed
 - Fix panic in `parseSockaddr` for malformed socket address. [#152](https://github.com/elastic/go-libaudit/pull/152)
+- Set `SOCK_CLOEXEC` when creating the netlink socket to avoid leaking file descriptors. [#165](https://github.com/elastic/go-libaudit/pull/165)
 ### Removed
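Review bot: The `syscall.Socket` call in `NewNetlinkClient` now passes `SOCK_CLOEXEC`, but nothing at the call site records why, so a later refactor could drop the flag unnoticed; I would add a comment above it such as `// SOCK_CLOEXEC is set atomically at creation so the netlink socket is never inherited across exec by a child started from another goroutine.` Judging by the repository named in the changelog links this is an audit netlink socket, so an inherited descriptor would presumably stay usable in a child process that could not have opened it itself, which makes this more than descriptor hygiene. A small regression test that reads the descriptor flags back with `F_GETFD` and checks `FD_CLOEXEC` would pin the behaviour. The rest of `NewNetlinkClient` lies outside the hunk, so whether the later error paths close `s` cannot be judged from here.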