mir/lxc
2
0
Fork 0
mirror of git://github.com/lxc/lxc synced 2025-09-02 12:59:34 +00:00
Code Issues Releases Wiki Activity

hooks: use cloexec everywhere

Browse Source 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner
2021-09-16 14:10:56 +02:00
parent 4e0454beae
commit ef5f183fe8
1 changed files with 5 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
hooks/unmount-namespace.c
View File

@@ -110,13 +110,13 @@ static int read_mounts(int procfd, struct mount **mp, size_t *countp) {
*mp = NULL; *mp = NULL;
*countp = 0; *countp = 0;
fd = openat(procfd, "self/mounts", O_RDONLY); fd = openat(procfd, "self/mounts", O_RDONLY | O_CLOEXEC);
if (fd < 0) { if (fd < 0) {
free(mounts); free(mounts);
return 0; return 0;
} }
mf = fdopen(fd, "r"); mf = fdopen(fd, "re");
if (!mf) { if (!mf) {
int error = errno; int error = errno;
close(fd); close(fd);
@@ -188,14 +188,14 @@ int main(int argc, char **argv) {
/* Open a handle to /proc on the host as we need to access /proc/self/mounts /* Open a handle to /proc on the host as we need to access /proc/self/mounts
* and the container's /proc doesn't contain our /self. See read_mounts(). * and the container's /proc doesn't contain our /self. See read_mounts().
*/ */
procfd = open("/proc", O_RDONLY | O_DIRECTORY | O_PATH); procfd = open("/proc", O_RDONLY | O_DIRECTORY | O_PATH | O_CLOEXEC);
if (procfd < 0) { if (procfd < 0) {
fprintf(stderr, "%s: failed to open /proc: %s\n", argv[0], strerror(errno)); fprintf(stderr, "%s: failed to open /proc: %s\n", argv[0], strerror(errno));
return 4; return 4;
} }
/* Open the mount namespace and enter it. */ /* Open the mount namespace and enter it. */
ctmntfd = open(mntns, O_RDONLY); ctmntfd = open(mntns, O_RDONLY | O_CLOEXEC);
if (ctmntfd < 0) { if (ctmntfd < 0) {
fprintf(stderr, "%s: failed to open mount namespace: %s\n", fprintf(stderr, "%s: failed to open mount namespace: %s\n",
argv[0], strerror(errno)); argv[0], strerror(errno));