jasder
/
runc
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #5464 from tianon/close-leftover-fds

This commit is contained in:
Michael Crosby 2014-04-30 12:27:52 -07:00
parent d5951041df 187b637515
commit d8554248b0
1 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
nsinit/init.go
View File

@ -117,12 +117,16 @@ func setupNetwork(container *libcontainer.Container, context libcontainer.Contex
return nil
}
// finalizeNamespace drops the caps and sets the correct user
// and working dir before execing the command inside the namespace
// finalizeNamespace drops the caps, sets the correct user
// and working dir, and closes any leaky file descriptors
// before execing the command inside the namespace
func finalizeNamespace(container *libcontainer.Container) error {
if err := capabilities.DropCapabilities(container); err != nil {
return fmt.Errorf("drop capabilities %s", err)
}
if err := system.CloseFdsFrom(3); err != nil {
return fmt.Errorf("close open file descriptors %s", err)
}
if err := setupUser(container); err != nil {
return fmt.Errorf("setup user %s", err)
}