The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/3360
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Closes https://github.com/checkpoint-restore/criu/issues/1011. Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
From d31031628f75c324e430feafaff876bcc5b5b8db Mon Sep 17 00:00:00 2001 From: Christian Brauner <christian.brau...@ubuntu.com> Date: Tue, 7 Apr 2020 10:36:23 +0200 Subject: [PATCH] start: ensure all file descriptors are closed during exec Closes https://github.com/checkpoint-restore/criu/issues/1011. Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com> --- src/lxc/af_unix.c | 2 +- src/lxc/start.c | 11 +++++------ 2 files changed, 6 insertions(+), 7 deletions(-) diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c index e17208888a..bf626a109e 100644 --- a/src/lxc/af_unix.c +++ b/src/lxc/af_unix.c @@ -189,7 +189,7 @@ static int lxc_abstract_unix_recv_fds_iov(int fd, int *recvfds, int num_recvfds, msg.msg_iovlen = iovlen; do { - ret = recvmsg(fd, &msg, 0); + ret = recvmsg(fd, &msg, MSG_CMSG_CLOEXEC); } while (ret < 0 && errno == EINTR); if (ret < 0 || ret == 0) return ret; diff --git a/src/lxc/start.c b/src/lxc/start.c index a25bd0409b..5138fde841 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -1039,14 +1039,13 @@ static int do_start(void *data) struct lxc_handler *handler = data; __lxc_unused __do_close int data_sock0 = handler->data_sock[0], data_sock1 = handler->data_sock[1]; - __do_close int status_fd = -EBADF; + __do_close int devnull_fd = -EBADF, status_fd = -EBADF; int ret; uid_t new_uid; gid_t new_gid; struct lxc_list *iterator; uid_t nsuid = 0; gid_t nsgid = 0; - int devnull_fd = -1; lxc_sync_fini_parent(handler); 
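Review bot: Passing `MSG_CMSG_CLOEXEC` to the `recvmsg()` call changes the contract of `lxc_abstract_unix_recv_fds_iov()` for every caller, and nothing in the hunk documents that. Descriptors received as ancillary data now arrive with close-on-exec already set, which is the safer default because it leaves no window between receipt and a later `fcntl()`. A caller that deliberately passes a received descriptor on to an exec'd program would now have to clear the flag itself; the callers are not visible here, so that is worth checking. I would add a comment above the loop such as `/* Received fds have FD_CLOEXEC set; clear it explicitly if one must survive exec. */`. The function body starts and ends outside the hunk.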
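Review bot: Declaring `devnull_fd` with `__do_close` means it is now closed automatically on every return from `do_start()`, so any explicit close of it in the part of the body not shown here must use the disarming form, as the removed `close_prot_errno_disarm(devnull_fd)` did, rather than a plain `close()`. A plain close would leave the stale number in the variable, and the cleanup handler would then close it a second time, possibly hitting an unrelated descriptor opened in between. The initial value also changes from `-1` to `-EBADF`, which is harmless only if every test on the variable is `< 0` rather than `== -1`; those tests are outside the hunk. A short comment on the declaration, for example `/* closed by __do_close on return; disarm after any manual close */`, would make the ownership rule explicit.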
@@ -1401,20 +1400,20 @@ static int do_start(void *data) } } - /* After this call, we are in error because this ops should not return + /* + * After this call, we are in error because this ops should not return * as it execs. */ handler->ops->start(handler, handler->data); out_warn_father: - /* We want the parent to know something went wrong, so we return a + /* + * We want the parent to know something went wrong, so we return a * special error code. */ lxc_sync_wake_parent(handler, LXC_SYNC_ERROR); out_error: - close_prot_errno_disarm(devnull_fd); - return -1; }
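Review bot: On the success path `handler->ops->start()` execs and does not return, so the `__do_close` cleanup that replaces the removed `close_prot_errno_disarm(devnull_fd)` at `out_error` never runs there; it only covers the return paths. Whether `devnull_fd` and `status_fd` stay out of the exec'd program therefore depends on their being opened with `O_CLOEXEC` or closed earlier in `do_start()`, and neither is visible in this patch. The comment above the call would be the place to record that, for example by adding the line `* Descriptors still open here must be O_CLOEXEC; cleanup handlers do not run across exec.`. The comment reflow in the same hunk is unrelated to the fix and would be easier to review as a separate commit.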