Lets match the systemd active socket activation implementation and
ensure that FD_CLOEXEC is set by usin Unix.set_close_on_exec. David
notes oxenstored likely does not exec but there is no harm in being
careful just in case things change in the future.

 tools/ocaml/xenstored/utils.ml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/tools/ocaml/xenstored/utils.ml b/tools/ocaml/xenstored/utils.ml
index 0cfeded..61321c6 100644
--- a/tools/ocaml/xenstored/utils.ml
+++ b/tools/ocaml/xenstored/utils.ml
@@ -78,6 +78,7 @@ let create_regular_unix_socket name =
         Unixext.mkdir_rec (Filename.dirname name) 0o700;
         let sockaddr = Unix.ADDR_UNIX(name) in
         let sock = Unix.socket Unix.PF_UNIX Unix.SOCK_STREAM 0 in
+        Unix.set_close_on_exec sock;
         Unix.bind sock sockaddr;
         Unix.listen sock 1;

