rexec: mark all fds as close-on-exec if possible

author Christian Brauner <christian.brauner@ubuntu.com>

Wed, 3 Feb 2021 08:48:25 +0000 (09:48 +0100)

committer Christian Brauner <christian.brauner@ubuntu.com>

Wed, 3 Feb 2021 10:49:47 +0000 (11:49 +0100)
author Christian Brauner <christian.brauner@ubuntu.com>
Wed, 3 Feb 2021 08:48:25 +0000 (09:48 +0100)
committer Christian Brauner <christian.brauner@ubuntu.com>
Wed, 3 Feb 2021 10:49:47 +0000 (11:49 +0100)
diff --git a/src/lxc/macro.h b/src/lxc/macro.h

index 22f755fa4910f7468af2e6a7e594476fbce02d43..bb8be340fa65bb727999d1b3103e84f1d46435e8 100644 (file)
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -672,4 +672,6 @@ enum {
  
  #define ENOCGROUP2 ENOMEDIUM
  
+#define MAX_FILENO ~0U
+
  #endif /* __LXC_MACRO_H */
diff --git a/src/lxc/rexec.c b/src/lxc/rexec.c

index ba5cc0fe8b76f8795da457fa8362c7ddd02d262b..501aeedb7fd27d75dc3dae530f0673673754f7ca 100644 (file)
--- a/src/lxc/rexec.c
+++ b/src/lxc/rexec.c
@@ -162,6 +162,9 @@ static void lxc_rexec_as_memfd(char **argv, char **envp, const char *memfd_name)
         if (execfd < 0)
                 return;
  
+       ret = close_range(STDERR_FILENO, MAX_FILENO, CLOSE_RANGE_CLOEXEC);
+       if (ret && (errno != ENOSYS && errno != EINVAL))
+               fprintf(stderr, "%m - Failed to mark all file descriptors as close-on-exec\n");
         fexecve(execfd, argv, envp);
  }
author	Christian Brauner <christian.brauner@ubuntu.com>
	Wed, 3 Feb 2021 08:48:25 +0000 (09:48 +0100)
committer	Christian Brauner <christian.brauner@ubuntu.com>
	Wed, 3 Feb 2021 10:49:47 +0000 (11:49 +0100)
src/lxc/macro.h		patch \| blob \| blame \| history
src/lxc/rexec.c		patch \| blob \| blame \| history