From 0b8e876fbda6d7198b483ac7a96169e78f97e519 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Mon, 12 Apr 2021 17:23:24 +0200
Subject: [PATCH 1/2] attach: don't return early when calculating namespaces via pidfd

Signed-off-by: Christian Brauner
---
 src/lxc/attach.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 24590cf21..04c8efc60 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -534,9 +534,6 @@ static int __prepare_namespaces_pidfd(struct attach_context *ctx)
 for (int i = 0; i < LXC_NS_MAX; i++) {
 int ret;
- if (!(ctx->ns_inherited & ns_info[i].clone_flag))
- continue;
-
 ret = same_nsfd(ctx->dfd_self_pid, ctx->dfd_init_pid, ns_info[i].proc_path);
@@ -545,10 +542,11 @@ static int __prepare_namespaces_pidfd(struct attach_context *ctx)
 __fallthrough;
 case 1:
 ctx->ns_inherited &= ~ns_info[i].clone_flag;
- break;
+ TRACE("Shared %s namespace doesn't need attach", ns_info[i].proc_name);
+ continue;
 case 0:
- TRACE("Shared %s namespace needs attach", ns_info[i].proc_name);
- break;
+ TRACE("Different %s namespace needs attach", ns_info[i].proc_name);
+ continue;
 }
 return syserror("Failed to determine whether %s namespace is shared",
From 09a83db55bf54f6afbde166f7edbe6bc68b90b67 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Mon, 12 Apr 2021 17:50:39 +0200
Subject: [PATCH 2/2] Revert "rexec: mark all fds as close-on-exec if possible"

This reverts commit 531d36ad009325b74a105d9d6956e320f37b2937.

Callers might want to explicilty inhert file descriptors so we can't close them behind their back when we exec.

Signed-off-by: Christian Brauner
---
 src/lxc/rexec.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/src/lxc/rexec.c b/src/lxc/rexec.c
index 508d7eadc..060df680e 100644
--- a/src/lxc/rexec.c
+++ b/src/lxc/rexec.c
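Review bot: In the second src/lxc/attach.c hunk (`@@ -545,10 +542,11 @@`), whatever case label reaches `case 1:` through `__fallthrough;` now clears the bit in `ctx->ns_inherited` and logs "Shared %s namespace doesn't need attach", so the trace cannot tell a namespace that really is shared from one that was skipped for another reason. That label sits above the hunk, so this is inferred; if it stands for an error or "not available" result, it deserves its own branch and message, for example `ctx->ns_inherited &= ~ns_info[i].clone_flag;`, `TRACE("%s namespace could not be compared, skipping attach", ns_info[i].proc_name);`, `continue;`. Which namespaces an attach enters decides how isolated the attached process is, so that decision should be unambiguous in the log. A short comment such as `/* continue, not break: break only leaves the switch and falls into the error return below */` would also keep the fix from being undone by a later cleanup. The body of `__prepare_namespaces_pidfd` starts and ends outside the hunk.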
@@ -162,9 +162,6 @@ static void lxc_rexec_as_memfd(char **argv, char **envp, const char *memfd_name)
 if (execfd < 0)
 return;
- ret = close_range(STDERR_FILENO + 1, MAX_FILENO, CLOSE_RANGE_CLOEXEC);
- if (ret && (errno != ENOSYS && errno != EINVAL))
- fprintf(stderr, "%m - Failed to mark all file descriptors as close-on-exec\n");
 fexecve(execfd, argv, envp);
 }