From 4724fa3075fbe68ee07cd1cbe74dc14592ecb624 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Tue, 20 Dec 2022 17:13:09 +0100 Subject: [PATCH] podman service: close duplicated /dev/null fd Since we open /dev/null to set it as STDIN we can close it after the dup2() call. Using defer is not good enough since this function will never exit since the http server will block. This is not a problem but it reduces the open fds from the service by one. [NO NEW TESTS NEEDED] Signed-off-by: Paul Holzinger --- cmd/podman/system/service_abi.go | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/cmd/podman/system/service_abi.go b/cmd/podman/system/service_abi.go index 82419ff1a1..3ce1c7f66e 100644 --- a/cmd/podman/system/service_abi.go +++ b/cmd/podman/system/service_abi.go @@ -94,15 +94,17 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities libpodRuntime.SetRemoteURI(uri.String()) } - // Close stdin, so shortnames will not prompt + // Set stdin to /dev/null, so shortnames will not prompt devNullfile, err := os.Open(os.DevNull) if err != nil { return err } - defer devNullfile.Close() if err := unix.Dup2(int(devNullfile.Fd()), int(os.Stdin.Fd())); err != nil { + devNullfile.Close() return err } + // Close the fd right away to not leak it during the entire time of the service. + devNullfile.Close() if err := utils.MaybeMoveToSubCgroup(); err != nil { // it is a best effort operation, so just print the