rexec: mark all fds as close-on-exec if possible

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

rexec: mark all fds as close-on-exec if possible
531d36ad · Christian Brauner · e8aaef81 · 531d36ad · 531d36ad
Unverified Commit 531d36ad authored Feb 03, 2021 by Christian Brauner
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

macro.h src/lxc/macro.h +2 -0

rexec.c src/lxc/rexec.c +3 -0

No files found.
--- a/src/lxc/macro.h
+++ b/src/lxc/macro.h
@@ -672,4 +672,6 @@ enum {
 #define ENOCGROUP2 ENOMEDIUM
+#define MAX_FILENO ~0U
 #endif /* __LXC_MACRO_H */
--- a/src/lxc/rexec.c
+++ b/src/lxc/rexec.c
@@ -162,6 +162,9 @@ static void lxc_rexec_as_memfd(char **argv, char **envp, const char *memfd_name)
 	if (execfd < 0)
 		return;
+	ret = close_range(STDERR_FILENO, MAX_FILENO, CLOSE_RANGE_CLOEXEC);
+	if (ret && (errno != ENOSYS && errno != EINVAL))
+		fprintf(stderr, "%m - Failed to mark all file descriptors as close-on-exec\n");
 	fexecve(execfd, argv, envp);
 }