From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sun, 29 Oct 2017 12:07:46 +0000 (+0100)
Subject: start: close non-needed file descriptors
X-Git-Tag: lxc-3.0.0.beta1~201^2~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6e5fc7a5c7d264989fd1df256d0929a9cd3d382f;p=thirdparty%2Flxc.git

start: close non-needed file descriptors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 7748dbf61..e25bb23e1 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1164,16 +1164,17 @@ void resolve_clone_flags(struct lxc_handler *handler)
 static int lxc_spawn(struct lxc_handler *handler)
 {
 	int i, flags, ret;
-	const char *name = handler->name;
 	char pidstr[20];
 	bool wants_to_map_ids;
 	int saved_ns_fd[LXC_NS_MAX];
 	struct lxc_list *id_map;
 	int preserve_mask = 0;
+	const char *name = handler->name;
 	bool cgroups_connected = false;
 
 	id_map = &handler->conf->id_map;
 	wants_to_map_ids = !lxc_list_empty(id_map);
+	memset(saved_ns_fd, -1, sizeof(int) * LXC_NS_MAX);
 
 	for (i = 0; i < LXC_NS_MAX; i++)
 		if (handler->conf->inherit_ns_fd[i] != -1)
@@ -1410,9 +1411,17 @@ static int lxc_spawn(struct lxc_handler *handler)
 
 	lxc_sync_fini(handler);
 
+	for (i = 0; i < LXC_NS_MAX; i++)
+		if (saved_ns_fd[i] != -1)
+			close(saved_ns_fd[i]);
+
 	return 0;
 
 out_delete_net:
+	for (i = 0; i < LXC_NS_MAX; i++)
+		if (saved_ns_fd[i] != -1)
+			close(saved_ns_fd[i]);
+
 	if (cgroups_connected)
 		cgroup_disconnect();