start: close non-needed file descriptors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 7748dbf61ba632d3d44a8f2a98a7933addb34c1e..e25bb23e107c66811c9c5bebdf86e001c0f96ba1 100644 (file)
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1164,16 +1164,17 @@ void resolve_clone_flags(struct lxc_handler *handler)
 static int lxc_spawn(struct lxc_handler *handler)
 {
        int i, flags, ret;
-       const char *name = handler->name;
        char pidstr[20];
        bool wants_to_map_ids;
        int saved_ns_fd[LXC_NS_MAX];
        struct lxc_list *id_map;
        int preserve_mask = 0;
+       const char *name = handler->name;
        bool cgroups_connected = false;
 
        id_map = &handler->conf->id_map;
        wants_to_map_ids = !lxc_list_empty(id_map);
+       memset(saved_ns_fd, -1, sizeof(int) * LXC_NS_MAX);
 
        for (i = 0; i < LXC_NS_MAX; i++)
                if (handler->conf->inherit_ns_fd[i] != -1)
@@ -1410,9 +1411,17 @@ static int lxc_spawn(struct lxc_handler *handler)
 
        lxc_sync_fini(handler);
 
+       for (i = 0; i < LXC_NS_MAX; i++)
+               if (saved_ns_fd[i] != -1)
+                       close(saved_ns_fd[i]);
+
        return 0;
 
 out_delete_net:
+       for (i = 0; i < LXC_NS_MAX; i++)
+               if (saved_ns_fd[i] != -1)
+                       close(saved_ns_fd[i]);
+
        if (cgroups_connected)
                cgroup_disconnect();