The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/7167
This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
From 73b555a00be089dced1bd49b7892e3805ea9b0dc Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brau...@ubuntu.com>
Date: Fri, 10 Apr 2020 00:16:11 +0200
Subject: [PATCH] forkexec: mark fd cloexec so the attaching process doesn't inherit it
Signed-off-by: Christian Brauner <christian.brau...@ubuntu.com>
---
 lxd/main_forkexec.go | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/lxd/main_forkexec.go b/lxd/main_forkexec.go
index 7133ef9108..ea2451e8df 100644
--- a/lxd/main_forkexec.go
+++ b/lxd/main_forkexec.go
@@ -100,6 +100,28 @@ static int push_vargs(char ***list, char *entry)
 return 0;
 }
+static int fd_cloexec(int fd, bool cloexec)
+{
+ int oflags, nflags;
+
+ oflags = fcntl(fd, F_GETFD, 0);
+ if (oflags < 0)
+ return -errno;
+
+ if (cloexec)
+ nflags = oflags | FD_CLOEXEC;
+ else
+ nflags = oflags & ~FD_CLOEXEC;
+
+ if (nflags == oflags)
+ return 0;
+
+ if (fcntl(fd, F_SETFD, nflags) < 0)
+ return -errno;
+
+ return 0;
+}
+
 // We use a separate function because cleanup macros are called during stack
 // unwinding if I'm not mistaken and if the compiler knows it exits it won't
 // call them. That's not a problem since we're exiting but I just like to be on
@@ -169,6 +191,10 @@ __attribute__ ((noinline)) static int __forkexec(void)
 if (!argvp || !*argvp)
 return log_error(EXIT_FAILURE, "No command specified");
+ ret = fd_cloexec(status_pipe, true);
+ if (ret)
+ return EXIT_FAILURE;
+
 c = lxc_container_new(name, lxcpath);
 if (!c)
 return EXIT_FAILURE;
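Review bot: fd_cloexec() is added without a comment stating its return convention, and the caller added in the second hunk relies on it only as zero versus non-zero. A one-line header such as `/* Set (cloexec=true) or clear FD_CLOEXEC on fd; returns 0 on success, -errno on failure. */` would make the contract explicit. The helper uses `bool`, `fcntl()` and `errno`, so the cgo preamble needs `<stdbool.h>`, `<fcntl.h>` and `<errno.h>`; the include list is outside this hunk and should be checked.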
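Review bot: The new failure path in __forkexec() returns EXIT_FAILURE with no message and drops the -errno that fd_cloexec() returns, so a failure to protect the descriptor looks like any other early exit. The check just above it uses log_error(), and the same would fit here: `return log_error(EXIT_FAILURE, "Failed to mark status pipe close-on-exec");`. status_pipe is assigned outside this hunk; if it can be left unset when no status pipe is passed, fcntl() would fail with EBADF and forkexec would now exit where it previously continued, so that case is worth confirming. The function body starts and ends outside the hunk.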