From b035ad62e6f5f8a706c8e8c21405b5ef6b4d58d6 Mon Sep 17 00:00:00 2001 From: =?utf8?q?M=C3=B4she=20van=20der=20Sterre?= Date: Mon, 20 Apr 2009 22:10:59 +0200 Subject: [PATCH] prevent tty fd to be inherited in the container MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit Set the close on exec flag on the pty fd so they are automatically closed when execing the container. Signed-off-by: Môshe van der Sterre Signed-off-by: Daniel Lezcano --- src/lxc/conf.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 6c3476af0..5ef350d9b 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1738,6 +1738,10 @@ int lxc_create_tty(const char *name, struct lxc_tty_info *tty_info) goto out_free; } + /* Prevent leaking the file descriptors to the container */ + fcntl(pty_info->master, F_SETFD, FD_CLOEXEC); + fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC); + pty_info->busy = 0; } -- 2.47.2
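Review bot: Both added `fcntl(..., F_SETFD, FD_CLOEXEC)` calls discard their return value, so a failure leaves the pty master or slave inheritable across exec, and the descriptor leak this patch is meant to close goes unnoticed. Treat a failure like the error branch visible just above, for example `if (fcntl(pty_info->master, F_SETFD, FD_CLOEXEC) < 0 || fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC) < 0) goto out_free;`, and log errno before jumping. The body of lxc_create_tty starts and ends outside the hunk, so confirm that the `out_free` path also closes the master and slave opened in the current iteration. The flag is set in a separate step after the descriptors exist, so any exec that could run in between (another thread, if this code is ever called from one) would still inherit them; a comment stating that assumption would help.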