proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-10 08:17:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1346 from brauner/2016-11-08/fix_attach_fd_leak_master

Browse Source 
attach: close lsm label file descriptor
This commit is contained in:
Stéphane Graber 2016-12-09 10:37:06 +01:00 committed by GitHub
commit f1f9cbf294
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/lxc/attach.c
View File

@ -972,7 +972,8 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
/* Open LSM fd and send it to child. */ /* Open LSM fd and send it to child. */
if ((options->namespaces & CLONE_NEWNS) && (options->attach_flags & LXC_ATTACH_LSM) && init_ctx->lsm_label) { if ((options->namespaces & CLONE_NEWNS) && (options->attach_flags & LXC_ATTACH_LSM) && init_ctx->lsm_label) {
int on_exec, labelfd; int on_exec;
int labelfd = -1;
on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? 1 : 0; on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? 1 : 0;
/* Open fd for the LSM security module. */ /* Open fd for the LSM security module. */
labelfd = lsm_openat(procfd, attached_pid, on_exec); labelfd = lsm_openat(procfd, attached_pid, on_exec);
@ -981,12 +982,15 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
/* Send child fd of the LSM security module to write to. */ /* Send child fd of the LSM security module to write to. */
ret = lxc_abstract_unix_send_fd(ipc_sockets[0], labelfd, NULL, 0); ret = lxc_abstract_unix_send_fd(ipc_sockets[0], labelfd, NULL, 0);
close(labelfd);
if (ret <= 0) { if (ret <= 0) {
ERROR("Intended to send file descriptor %d: %s.", labelfd, strerror(errno)); ERROR("Intended to send file descriptor %d: %s.", labelfd, strerror(errno));
goto on_error; goto on_error;
} }
} }
if (procfd >= 0)
close(procfd);
/* Now shut down communication with child, we're done. */ /* Now shut down communication with child, we're done. */
shutdown(ipc_sockets[0], SHUT_RDWR); shutdown(ipc_sockets[0], SHUT_RDWR);
close(ipc_sockets[0]); close(ipc_sockets[0]);