prevent tty fd to be inherited in the container

Set the close on exec flag on the pty fd so they are automatically
closed when execing the container.

Signed-off-by: Môshe van der Sterre <me@moshe.nl>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 6c3476af090ccece78348d7d574f68f89098772f..5ef350d9b2cd4e36d1f0872a1e64eaa36105102b 100644 (file)
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1738,6 +1738,10 @@ int lxc_create_tty(const char *name, struct lxc_tty_info *tty_info)
                        goto out_free;
                }
 
+                /* Prevent leaking the file descriptors to the container */
+               fcntl(pty_info->master, F_SETFD, FD_CLOEXEC);
+               fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC);
+
                pty_info->busy = 0;
        }