podman service: close duplicated /dev/null fd

Since we open /dev/null to set it as STDIN we can close it after the dup2() call. Using defer is not good enough since this function will never exit since the http server will block. This is not a problem but it reduces the open fds from the service by one. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger <[email protected]>
containers · Dec 20, 2022 · 4724fa3 · 4724fa3
1 parent c2d48c5
commit 4724fa3
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go
@@ -94,15 +94,17 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
 		libpodRuntime.SetRemoteURI(uri.String())
 	}
 
-	// Close stdin, so shortnames will not prompt
+	// Set stdin to /dev/null, so shortnames will not prompt
 	devNullfile, err := os.Open(os.DevNull)
 	if err != nil {
 		return err
 	}
-	defer devNullfile.Close()
 	if err := unix.Dup2(int(devNullfile.Fd()), int(os.Stdin.Fd())); err != nil {
+		devNullfile.Close()
 		return err
 	}
+	// Close the fd right away to not leak it during the entire time of the service.
+	devNullfile.Close()
 
 	if err := utils.MaybeMoveToSubCgroup(); err != nil {
 		// it is a best effort operation, so just print the