When namespaces are used in the configuration, the respective namespace handles
are opened during config parsing and stored in an ebtree for lookup later.
Unfortunately, when the master process re-execs itself these file descriptors
were not closed, effectively leaking the fds and preventing destruction of
namespaces no longer present in the configuration.
This change fixes this issue by opening the namespace file handles as
close-on-exec, making sure that they will be closed during re-exec.
---
src/namespace.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/namespace.c b/src/namespace.c
index 8a2e5a7b1..cfb81ba0f 100644
--- a/src/namespace.c
+++ b/src/namespace.c
@@ -24,7 +24,7 @@ static int open_named_namespace(const char *ns_name)
{
if (chunk_printf(&trash, "/var/run/netns/%s", ns_name) < 0)
return -1;
- return open(trash.area, O_RDONLY);
+ return open(trash.area, O_RDONLY | O_CLOEXEC);
}
static int default_namespace = -1;
@@ -33,7 +33,7 @@ static int init_default_namespace()
{
if (chunk_printf(&trash, "/proc/%d/ns/net", getpid()) < 0)
return -1;
- default_namespace = open(trash.area, O_RDONLY);
+ default_namespace = open(trash.area, O_RDONLY | O_CLOEXEC);
return default_namespace;
}
--
2.23.0
