Close file fds by default, introduce policy->keep_fds_open

The better default is to close them, not keeping them open.

Does not close sockets and pipes to not interfere with IPC.

Issue: #10

exile.c

@@ -1446,7 +1446,20 @@ static void close_file_fds()
 	long max_files = sysconf(_SC_OPEN_MAX);
 	for(long i = 3; i <= max_files; i++)
 	{
-		close((int)i);
+		struct stat statbuf;
+		int fd = (int) max_files;
+		int result = fstat(i, &statbuf);
+		if(result == -1 && errno != EBADF && errno != EACCES)
+		{
+			EXILE_LOG_ERROR("Could not fstat %i: %s\n", fd, strerror(errno));
+			abort();
+		}
+		int type = statbuf.st_mode & S_IFMT;
+		if(type != S_IFIFO && type != S_IFSOCK)
+		{
+			/* No error check, retrying not recommended */
+			close(fd);
+		}
 	}
 }
 
@@ -1509,6 +1522,11 @@ int exile_enable_policy(struct exile_policy *policy)
 		return -EINVAL;
 	}
 
+	if(policy->keep_fds_open != 1)
+	{
+		close_file_fds();
+	}
+
 	if(enter_namespaces(policy->namespace_options) < 0)
 	{
 		EXILE_LOG_ERROR("Error while trying to enter namespaces\n");

exile.h

@@ -364,6 +364,7 @@ struct exile_policy
 	int no_new_privs;
 	int no_fs;
 	int no_new_fds;
+	int keep_fds_open;
 	int namespace_options;
 	int disable_syscall_filter;
 	/* Bind mounts all paths in path_policies into the chroot and applies