Skip to content

Commit

Permalink
libcontainer: Don't close fds already closed
Browse files Browse the repository at this point in the history 
This was closed in the child[1], before calling clone_parent (so runc
INIT will have this fd closed too), there is no point closing it again.

This was not causing issues because we ignore the return code of
close(2) and no one was opening a new fd between both calls to close.
However, with the new patches that I'm working on (PR #2576), this
problem is no longer inocuos: we do open a new fd in that PR, sometimes
that fd is allocated between the two close(2) calls and, as the lowest
fd is allocated to the new fd, sometimes the second close ends up
incorrectly closing this new fd.

Before it was not a problem in practice, but it was incorrect
nevertheless.

This seems to be long standing bug, present since at least 2018
(a54316b), when SYNC_GRANDCHILD was introduced.

[1]: https://github.com/opencontainers/runc/blob/5547b5774f71f75a088e7432fa961778750a0fbd/libcontainer/nsenter/nsexec.c#L888

Co-authored-by: Alban Crequy <[email protected]>
Signed-off-by: Rodrigo Campos <[email protected]>
  • Loading branch information
@rata @alban
rata and alban committed Jul 2, 2021
1 parent 5547b57 commit 7d479e6
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion libcontainer/nsenter/nsexec.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1044,7 +1044,6 @@ void nsexec(void)
syncfd = sync_grandchild_pipe[0];
close(sync_grandchild_pipe[1]);
close(sync_child_pipe[0]);
close(sync_child_pipe[1]);

/* For debugging. */
prctl(PR_SET_NAME, (unsigned long)"runc:[2:INIT]", 0, 0, 0);
Expand Down

0 comments on commit 7d479e6

Please sign in to comment.