diff --git a/libcontainer/utils/utils.go b/libcontainer/utils/utils.go index 26a0fb7d..266836f5 100644 --- a/libcontainer/utils/utils.go +++ b/libcontainer/utils/utils.go @@ -4,9 +4,7 @@ import ( "crypto/rand" "encoding/hex" "io" - "io/ioutil" "path/filepath" - "strconv" "syscall" ) @@ -37,30 +35,6 @@ func ResolveRootfs(uncleanRootfs string) (string, error) { return filepath.EvalSymlinks(rootfs) } -func CloseExecFrom(minFd int) error { - fdList, err := ioutil.ReadDir("/proc/self/fd") - if err != nil { - return err - } - for _, fi := range fdList { - fd, err := strconv.Atoi(fi.Name()) - if err != nil { - // ignore non-numeric file names - continue - } - - if fd < minFd { - // ignore descriptors lower than our specified minimum - continue - } - - // intentionally ignore errors from syscall.CloseOnExec - syscall.CloseOnExec(fd) - // the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall) - } - return nil -} - // ExitStatus returns the correct exit status for a process based on if it // was signaled or existed cleanly. func ExitStatus(status syscall.WaitStatus) int { diff --git a/libcontainer/utils/utils_unix.go b/libcontainer/utils/utils_unix.go new file mode 100644 index 00000000..408918f2 --- /dev/null +++ b/libcontainer/utils/utils_unix.go @@ -0,0 +1,33 @@ +// +build !windows + +package utils + +import ( + "io/ioutil" + "strconv" + "syscall" +) + +func CloseExecFrom(minFd int) error { + fdList, err := ioutil.ReadDir("/proc/self/fd") + if err != nil { + return err + } + for _, fi := range fdList { + fd, err := strconv.Atoi(fi.Name()) + if err != nil { + // ignore non-numeric file names + continue + } + + if fd < minFd { + // ignore descriptors lower than our specified minimum + continue + } + + // intentionally ignore errors from syscall.CloseOnExec + syscall.CloseOnExec(fd) + // the cases where this might fail are basically file descriptors that have already been closed (including and especially the one that was created when ioutil.ReadDir did the "opendir" syscall) + } + return nil +}