From 2589ad72faf557cf88b8545209ba39ad149be908 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 21 Feb 2021 19:57:31 +0100
Subject: [PATCH] cgroups: skip and warn about invalid file descriptors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 574e8569a..f9fb38ad7 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1303,6 +1303,9 @@ static int chown_cgroup_wrapper(void *data)
 	for (int i = 0; arg->hierarchies[i]; i++) {
 		int dirfd = arg->hierarchies[i]->dfd_con;
 
+		if (dirfd < 0)
+			return syserrno_set(-EBADF, "Invalid cgroup file descriptor");
+
 		(void)fchowmodat(dirfd, "", destuid, nsgid, 0775);
 
 		/*
-- 
2.47.3