start: ensure all file descriptors are closed during exec

Closes https://github.com/checkpoint-restore/criu/issues/1011. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: ensure all file descriptors are closed during exec
850c0659 · Christian Brauner · Stéphane Graber · 98613f61 · 850c0659 · 850c0659
Unverified Commit 850c0659 authored Apr 07, 2020 by Christian Brauner Committed by Stéphane Graber Apr 08, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 6 additions and 7 deletions

af_unix.c src/lxc/af_unix.c +1 -1

start.c src/lxc/start.c +5 -6

No files found.
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -189,7 +189,7 @@ static int lxc_abstract_unix_recv_fds_iov(int fd, int *recvfds, int num_recvfds,
 	msg.msg_iovlen = iovlen;
 	do {
-		ret = recvmsg(fd, &msg, 0);
+		ret = recvmsg(fd, &msg, MSG_CMSG_CLOEXEC);
 	} while (ret < 0 && errno == EINTR);
 	if (ret < 0 || ret == 0)
 		return ret;

--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1039,14 +1039,13 @@ static int do_start(void *data)
 	struct lxc_handler *handler = data;
 	__lxc_unused __do_close int data_sock0 = handler->data_sock[0],
 					   data_sock1 = handler->data_sock[1];
-	__do_close int status_fd = -EBADF;
+	__do_close int devnull_fd = -EBADF, status_fd = -EBADF;
 	int ret;
 	uid_t new_uid;
 	gid_t new_gid;
 	struct lxc_list *iterator;
 	uid_t nsuid = 0;
 	gid_t nsgid = 0;
-	int devnull_fd = -1;
 	lxc_sync_fini_parent(handler);
@@ -1401,20 +1400,20 @@ static int do_start(void *data)
 		}
 	}
-	/* After this call, we are in error because this ops should not return
+	/*
+	 * After this call, we are in error because this ops should not return
 	 * as it execs.
 	 */
 	handler->ops->start(handler, handler->data);
 out_warn_father:
-	/* We want the parent to know something went wrong, so we return a
+	/*
+	 * We want the parent to know something went wrong, so we return a
 	 * special error code.
 	 */
 	lxc_sync_wake_parent(handler, LXC_SYNC_ERROR);
 out_error:
-	close_prot_errno_disarm(devnull_fd);
 	return -1;
 }