From 3a633860745a6e9ba044bd7fa311fcc380ea9610 Mon Sep 17 00:00:00 2001
From: Maria Matejka <mq@ucw.cz>
Date: Wed, 2 Oct 2024 19:42:25 +0200
Subject: [PATCH] Flock: Even more fd cleanup

---
 flock/container.c | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)

diff --git a/flock/container.c b/flock/container.c
index c8bafa6da..c582a4992 100644
--- a/flock/container.c
+++ b/flock/container.c
@@ -470,12 +470,6 @@ container_start(void)
   log(L_INFO "Requested to start a container, name %s, base %s, work %s",
       ccf.hostname, ccf.basedir, ccf.workdir);
 
-  /* create socketpair before forking to do communication */
-  int fds[2];
-  int e = socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, fds);
-  if (e < 0)
-    die("Failed to create internal socketpair: %m");
-
   pid_t pid = fork();
   if (pid < 0)
     die("Failed to fork container (parent): %m");
@@ -505,7 +499,7 @@ container_start(void)
     return;
   }
 
-  e = unshare(CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWTIME | CLONE_NEWNET);
+  int e = unshare(CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWTIME | CLONE_NEWNET);
   if (e < 0)
     die("Failed to unshare container: %m");
 
@@ -519,6 +513,14 @@ container_start(void)
 #undef FROB
   sigprocmask(SIG_BLOCK, &newmask, &oldmask);
 
+  /* create socketpair before forking to do communication */
+  int fds[2];
+  e = socketpair(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0, fds);
+  if (e < 0)
+    die("Failed to create internal socketpair: %m");
+
+  log("container fork socketpair: %d %d", fds[0], fds[1]);
+
   pid = fork();
   if (pid < 0)
     die("Failed to fork container (child): %m");
-- 
2.47.2