Portability: Close file descriptors in walredo process
See https://github.com/neondatabase/neon/pull/6574#discussion_r1475314808
After that PR, the WAL redo process is now responsible for closing all extra file descriptors. Previously, the parent process did it. (The parent process is supposed to use FD_CLOEXEC on all file descriptors, though, so this is just for extra safety.)
We now use close_range(2) in the WAL redo process to do it, but that's Linux-specific. It would be nice to have similar logic for other platforms, mostly macOS because lots of developers use macOS. Other platforms don't have seccomp, so this is only secure on Linux, but it still would be nice for the development environment to be as close as possible to production.
For posterity, after the blog post, there was feedback on Twitter about a non-portable macOS flag to close file descriptors: https://x.com/jarredsumner/status/1760406716985025022?s=20
@hlinnaka I think it's unlikely we're going to work on this: as long as things basically work on macOS for developer convenience, there isn't much motivation to do security-oriented stuff (and as you say, we already don't have seccomp, so walredo on macOS isn't meaningfully contained).
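A portable form of the descriptor cleanup discussed in this issue, as an added example (not code from the neon repository or from anyone in the thread). `close_fds_from` and `fd_is_open` are hypothetical names, and the `/dev/fd` fallback for platforms without close_range(2) is an assumption, not an approach the thread settled on.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef __linux__
#include <sys/syscall.h>
#endif

/* Hypothetical helper: close every descriptor >= lowfd.
 * Returns 0 on success, -1 if the descriptors could not be enumerated,
 * so the caller can refuse to continue (fail closed). */
int close_fds_from(int lowfd)
{
    if (lowfd < 0) { errno = EINVAL; return -1; }
#if defined(__linux__) && defined(SYS_close_range)
    /* Linux: close_range(2) closes the whole range in one syscall. */
    if (syscall(SYS_close_range, (unsigned) lowfd, ~0U, 0U) == 0)
        return 0;
    /* Syscall unavailable (e.g. ENOSYS): use the portable path below. */
#endif
    /* Portable path: /dev/fd lists this process's open descriptors
     * on both macOS and Linux. */
    DIR *d = opendir("/dev/fd");
    if (d == NULL)
        return -1;
    int self = dirfd(d);          /* the directory stream's own fd */
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (end == e->d_name || *end != '\0')
            continue;             /* skips "." and ".." */
        if (fd >= lowfd && fd != self)
            close((int) fd);
    }
    closedir(d);                  /* also closes `self` */
    return 0;
}

/* Returns 1 if fd is open in this process, 0 otherwise. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1 || errno != EBADF;
}
```

A child process would call `close_fds_from(3)` before doing any other work and exit if it returns -1.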