From: Môshe van der Sterre <me@moshe.nl>
Date: Mon, 20 Apr 2009 20:10:59 +0000 (+0200)
Subject: prevent tty fd to be inherited in the container
X-Git-Tag: lxc_0_6_2~18
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b035ad62e6f5f8a706c8e8c21405b5ef6b4d58d6;p=thirdparty%2Flxc.git

prevent tty fd to be inherited in the container

Set the close on exec flag on the pty fd so they are automatically
closed when execing the container.

Signed-off-by: Môshe van der Sterre <me@moshe.nl>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
---

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 6c3476af0..5ef350d9b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1738,6 +1738,10 @@ int lxc_create_tty(const char *name, struct lxc_tty_info *tty_info)
 			goto out_free;
 		}
 
+                /* Prevent leaking the file descriptors to the container */
+		fcntl(pty_info->master, F_SETFD, FD_CLOEXEC);
+		fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC);
+
 		pty_info->busy = 0;
 	}