From 2174895dfb8473187df5a47b3a113432ac5506e9 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Thu, 8 Dec 2016 23:26:17 +0100
Subject: [PATCH] attach: close lsm label file descriptor

Signed-off-by: Christian Brauner
---
 src/lxc/attach.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 285ef4d24..e16d3d7dc 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -941,7 +941,8 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
 /* Open LSM fd and send it to child. */
 if ((options->namespaces & CLONE_NEWNS) && (options->attach_flags & LXC_ATTACH_LSM) && init_ctx->lsm_label) {
- int on_exec, labelfd;
+ int on_exec;
+ int labelfd = -1;
 on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? 1 : 0;
 /* Open fd for the LSM security module. */
 labelfd = lsm_openat(procfd, attached_pid, on_exec);
@@ -950,6 +951,7 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
 /* Send child fd of the LSM security module to write to. */
 ret = lxc_abstract_unix_send_fd(ipc_sockets[0], labelfd, NULL, 0);
+ close(labelfd);
 if (ret <= 0) {
 ERROR("Error using IPC to send child LSM fd (4): %s.", strerror(errno));
@@ -957,6 +959,8 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
 }
 }
+ if (procfd >= 0)
+ close(procfd);
 /* now shut down communication with child, we're done */
 shutdown(ipc_sockets[0], SHUT_RDWR);
 close(ipc_sockets[0]);
--
2.47.2
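Review bot: In the second hunk the added `close(labelfd);` sits between `lxc_abstract_unix_send_fd()` and the `if (ret <= 0)` branch whose ERROR prints `strerror(errno)`, so a failed send may be logged with whatever errno close() leaves behind rather than the send's own error. Preserve the value around the close, for example `saved_errno = errno; close(labelfd); errno = saved_errno;`, or close the descriptor after the check on both the error and the success path. The lines between `lsm_openat()` and the send are not part of the hunk, so whether a negative `labelfd` is rejected before it reaches close() cannot be confirmed from here.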
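Review bot: In the third hunk `procfd` is closed but keeps its old descriptor number, so any later path in `lxc_attach()` that tests `procfd >= 0` and closes it again would close a number the process may already have reused for another file. Resetting it makes the close idempotent: `if (procfd >= 0) { close(procfd); procfd = -1; }`. The close is also only added on this fall-through path; the error branch in the previous hunk leaves through a line that is not shown, so it is worth confirming that the error exit releases `procfd` (and `labelfd`) as well. The rest of the function, including any cleanup label, lies outside the hunk.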