don't leak the rootfs.pin fd into the container

Only the container parent needs to keep that fd open. Close it as soon as the container's first task is spawned. Else it can show up in /proc/$$/fd in the container. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>
2025-07-25 07:41:19 +00:00 · 2013-01-17 09:53:33 -06:00 · 2013-01-17 09:53:33 -06:00 · 2b0e17e48f
commit 2b0e17e48f
parent 2008796233
2 changed files with 8 additions and 5 deletions
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@ -575,6 +575,9 @@ static int do_start(void *data)

 	lxc_sync_fini_parent(handler);

+	/* don't leak the pinfd to the container */
+	close(handler->pinfd);
+
 	/* Tell the parent task it can begin to configure the
 	 * container and wait for it to finish
 	 */
@ -691,7 +694,6 @@ int lxc_spawn(struct lxc_handler *handler)
 {
 	int failed_before_rename = 0;
 	const char *name = handler->name;
-	int pinfd;

 	if (lxc_sync_init(handler))
 		return -1;
@ -735,8 +737,8 @@ int lxc_spawn(struct lxc_handler *handler)
 	 * marking it readonly.
 	 */

-	pinfd = pin_rootfs(handler->conf->rootfs.path);
-	if (pinfd == -1) {
+	handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
+	if (handler->pinfd == -1) {
 		ERROR("failed to pin the container's rootfs");
 		goto out_abort;
 	}
@ -818,8 +820,8 @@ int lxc_spawn(struct lxc_handler *handler)

 	lxc_sync_fini(handler);

-	if (pinfd >= 0)
-		close(pinfd);
+	if (handler->pinfd >= 0)
+		close(handler->pinfd);

 	return 0;

--- a/src/lxc/start.h
+++ b/src/lxc/start.h
@ -49,6 +49,7 @@ struct lxc_handler {
 #if HAVE_APPARMOR
 	int aa_enabled;
 #endif
+	int pinfd;
 };

 extern struct lxc_handler *lxc_init(const char *name, struct lxc_conf *);