From: Christian Brauner
Date: Wed, 3 Feb 2021 08:48:25 +0000 (+0100)
Subject: rexec: mark all fds as close-on-exec if possible
X-Git-Tag: lxc-5.0.0~303^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=531d36ad009325b74a105d9d6956e320f37b2937;p=thirdparty%2Flxc.git
rexec: mark all fds as close-on-exec if possible
Signed-off-by: Christian Brauner
---
diff --git a/src/lxc/macro.h b/src/lxc/macro.h
index 22f755fa4..bb8be340f 100644
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -672,4 +672,6 @@ enum {
 #define ENOCGROUP2 ENOMEDIUM
+#define MAX_FILENO ~0U
+
 #endif /* __LXC_MACRO_H */
diff --git a/src/lxc/rexec.c b/src/lxc/rexec.c
index ba5cc0fe8..501aeedb7 100644
--- a/src/lxc/rexec.c
+++ b/src/lxc/rexec.c
@@ -162,6 +162,9 @@ static void lxc_rexec_as_memfd(char **argv, char **envp, const char *memfd_name)
 if (execfd < 0)
 return;
+ ret = close_range(STDERR_FILENO, MAX_FILENO, CLOSE_RANGE_CLOEXEC);
+ if (ret && (errno != ENOSYS && errno != EINVAL))
+ fprintf(stderr, "%m - Failed to mark all file descriptors as close-on-exec\n");
 fexecve(execfd, argv, envp);
 }
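Review bot: In src/lxc/macro.h the new `MAX_FILENO` expands to the bare expression `~0U` and has no comment saying what the value is for. Writing it as `#define MAX_FILENO (~0U)` follows the usual rule of parenthesizing macro expansions. A one-line comment such as `/* Upper bound passed to close_range(): the largest unsigned int, i.e. "every fd from the start of the range". */` would make clear that this is a range sentinel and not a real descriptor limit.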
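Review bot: In src/lxc/rexec.c the range given to close_range() starts at `STDERR_FILENO`, and the range is inclusive, so fd 2 itself is marked close-on-exec. The re-executed image would then start without a stderr, and the next file it opens can take descriptor 2 and receive diagnostic output. Starting one higher keeps 0-2 inherited: `ret = close_range(STDERR_FILENO + 1, MAX_FILENO, CLOSE_RANGE_CLOEXEC);`. When the call fails with ENOSYS or EINVAL the code proceeds to fexecve() with any open descriptors still inheritable, presumably the "if possible" of the subject line; a comment such as `/* Best effort: without close_range()/CLOSE_RANGE_CLOEXEC support, inherited fds stay open across the exec. */` would tell readers this is not a guarantee. The declaration of `ret` and the beginning of lxc_rexec_as_memfd() are outside the hunk.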