From 09603cab28f9883baf1d7b48bdc102d6641dc300 Mon Sep 17 00:00:00 2001
From: Stefano Brivio
Date: Tue, 6 Aug 2024 20:32:11 +0200
Subject: passt, util: Close any open file that the parent might have leaked

If a parent accidentally or due to implementation reasons leaks any open file, we don't want to have access to them, except for the file passed via --fd, if any.

This is the case for Podman when Podman's parent leaks files into Podman: it's not practical for Podman to close unrelated files before starting pasta, as reported by Paul.

Use close_range(2) to close all open files except for standard streams and the one from --fd.

Given that parts of conf() depend on other files to be already opened, such as the epoll file descriptor, we can't easily defer this to a more convenient point, where --fd was already parsed. Introduce a minimal, duplicate version of --fd parsing to keep this simple.

As we need to check that the passed --fd option doesn't exceed INT_MAX, because we'll parse it with strtol() but file descriptor indices are signed ints (regardless of the arguments close_range() takes), extend the existing check in the actual --fd parsing in conf(), also rejecting file descriptor numbers that match standard streams, while at it.

Suggested-by: Paul Holzinger
Signed-off-by: Stefano Brivio
Reviewed-by: David Gibson
Reviewed-by: Paul Holzinger

--- passt.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'passt.c') diff --git a/passt.c b/passt.c index ea5bece..4b3c306 100644 --- a/passt.c +++ b/passt.c @@ -211,7 +211,7 @@ int main(int argc, char **argv) arch_avx2_exec(argv); - isolate_initial(); + isolate_initial(argc, argv); c.pasta_netns_fd = c.fd_tap = c.pidfile_fd = -1; -- cgit v1.2.3
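Review bot: the changed call in main(), `isolate_initial(argc, argv);`, now carries an ordering constraint that nothing at the call site documents. Per the commit message it closes every inherited descriptor except the standard streams and the one named by --fd, so any file opened in main() above this line would be closed without notice, and the message itself says parts of conf() depend on files that must be opened after this point. A one-line comment above the call stating that it must stay ahead of anything that opens a file would keep later changes from moving code across it. The call also sits after `arch_avx2_exec(argv);`, so leaked descriptors are still open while that function runs. If it re-executes the binary, as its name suggests, please confirm that the new image reaches this same call before touching any descriptor. Finally, this view is limited to passt.c, so the duplicated --fd parser cannot be checked here. Since isolate_initial() runs before conf() has validated the command line, it needs to apply the same bounds as conf() (no standard-stream numbers, nothing above INT_MAX) and tolerate a malformed or repeated --fd without closing the wrong range.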