[CRIU] [PATCH 2/2] userns: close all file descriptors before entering into userns
Andrey Vagin
avagin at openvz.org
Wed Feb 17 15:07:14 PST 2016
From: Andrew Vagin <avagin at virtuozzo.com>
Cc: Jann Horn <jann at thejh.net>
Reported-by: Jann Horn <jann at thejh.net>
Signed-off-by: Andrew Vagin <avagin at virtuozzo.com>
---
criu/namespaces.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/criu/namespaces.c b/criu/namespaces.c
index eadabdb..744a711 100644
--- a/criu/namespaces.c
+++ b/criu/namespaces.c
@@ -655,6 +655,7 @@ static int check_user_ns(int pid)
struct __user_cap_header_struct hdr;
uid_t uid;
gid_t gid;
+ int i;
uid = host_uid(0);
gid = host_gid(0);
@@ -697,6 +698,10 @@ static int check_user_ns(int pid)
return -1;
}
+ close_old_fds();
+ for (i = SERVICE_FD_MIN + 1; i < SERVICE_FD_MAX; i++)
+ close_service_fd(i);
+
/*
* Check that we are able to enter into other namespaces
* from the target userns namespace. This signs that these
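Review bot: the result of close_old_fds() is discarded at the call added just above the loop, so if it cannot close a descriptor the process still goes on into the target user namespace with that descriptor open, which is the situation the subject line says this patch prevents. If the function reports failure, check it and bail out the same way the preceding error path does (return -1). A short comment above the added lines stating why descriptors are closed at this point would also help: the existing comment below only covers the check for entering other namespaces, and the loop's exclusive bounds (SERVICE_FD_MIN + 1 up to but not including SERVICE_FD_MAX) only make sense to a reader who knows both names are sentinels rather than real service descriptors.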
--
2.5.0