On Tue, Jun 07, 2016 at 12:01:31PM +0200, Benoit Garnier wrote:
> You can always open /dev/null before chrooting and dup() it into FD 0 and 1 
> after chroot() has been called.

I'd be more tempted to simply close those FDs after the fork(). That
may improve the ability to detect faulty scripts which try to dump
GBs of data.

A very long time ago I saw a health check perform an LDAP search
retrieving all the hundreds of thousands of members of a group, and
the people in charge of the server were complaining that the health
checks were hurting the server... Better have the script fail with a
broken pipe in this case.

Just a suggestion.

Willy
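
The two options discussed in this thread, side by side, as an added example that is not code from either poster or from the project: a forked child standing in for a check script writes to FD 1 after the parent-side setup either closes FDs 0 and 1 or dup()s a pre-opened /dev/null onto them. The names `child_write_result`, `STDIO_CLOSE` and `STDIO_DEVNULL` are hypothetical, and chroot() itself is not called because it needs root.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum stdio_policy { STDIO_CLOSE, STDIO_DEVNULL };   /* hypothetical names */

/* Fork a child that stands in for an external check script and report what
 * its write() to FD 1 sees: 0 if the write succeeded, the child's errno if
 * it failed, -1 if the harness itself failed. */
int child_write_result(enum stdio_policy policy)
{
    /* Opened up front: after a real chroot() the path would not resolve. */
    int devnull = open("/dev/null", O_RDWR);
    if (devnull < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(devnull);
        return -1;
    }
    if (pid == 0) {
        if (policy == STDIO_DEVNULL) {
            dup2(devnull, 0);          /* output is silently discarded */
            dup2(devnull, 1);
        } else {
            close(0);                  /* no stdin/stdout at all */
            close(1);
        }
        if (devnull > 1)
            close(devnull);
        ssize_t n = write(1, "dump\n", 5);   /* the "script" emits output */
        _exit(n < 0 ? errno : 0);
    }
    close(devnull);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("FDs closed:      child write -> %d\n", child_write_result(STDIO_CLOSE));
    printf("FDs on /dev/null: child write -> %d\n", child_write_result(STDIO_DEVNULL));
    return 0;
}
```

With the FDs closed the child's write fails immediately, so a script that checks its writes stops early; with /dev/null the same write succeeds and the script keeps producing output that nobody reads.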
