userns: close all file descriptors before entering into userns

Cc: Jann Horn <jann@thejh.net> Reporte-by: Jann Horn <jann@thejh.net> Signed-off-by: Andrew Vagin <avagin@virtuozzo.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>

userns: close all file descriptors before entering into userns
Cc: Jann Horn <jann@thejh.net> Reporte-by: Jann Horn <jann@thejh.net> Signed-off-by: Andrew Vagin <avagin@virtuozzo.com> Signed-off-by: Pavel Emelyanov <xemul@virtuozzo.com>
2253c430 · Andrew Vagin · Pavel Emelyanov · 6e1726f8 · 2253c430
Commit 2253c430 authored Feb 17, 2016 by Andrew Vagin Committed by Pavel Emelyanov Feb 20, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

namespaces.c criu/namespaces.c +5 -0

No files found.
--- a/criu/namespaces.c
+++ b/criu/namespaces.c
@@ -654,6 +654,7 @@ static int check_user_ns(int pid)
 		struct __user_cap_header_struct hdr;
 		uid_t uid;
 		gid_t gid;
+		int i;

 		uid = host_uid(0);
 		gid = host_gid(0);
@@ -696,6 +697,10 @@ static int check_user_ns(int pid)
 			return -1;
 		}

+		close_old_fds();
+		for (i = SERVICE_FD_MIN + 1; i < SERVICE_FD_MAX; i++)
+			close_service_fd(i);
+
 		/*
 		 * Check that we are able to enter into other namespaces
 		 * from the target userns namespace. This signs that these