[lxc-devel] [lxd/master] forkexec: log unexpected fds
brauner on Github
lxc-bot at linuxcontainers.org
Fri Apr 10 15:12:04 UTC 2020
From 254a018f2640e8783d6c0a8ed7a9e1f372546c35 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Fri, 10 Apr 2020 17:11:40 +0200
Subject: [PATCH] forkexec: log unexpected fds
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/main_forkexec.go | 20 ++++++++++++++++++--
1 file changed, 18 insertions(+), 2 deletions(-)
diff --git a/lxd/main_forkexec.go b/lxd/main_forkexec.go
index 3d69fa80ad..d9e282a60c 100644
--- a/lxd/main_forkexec.go
+++ b/lxd/main_forkexec.go
@@ -187,7 +187,21 @@ restart:
if (match_stdfds(fd))
continue;
- close(fd);
+ if (close(fd)) {
+ return log_error(-errno, "%s - Failed to close file descriptor %d", strerror(errno), fd);
+ } else {
+ char fdpath[PATH_MAX], realpath[PATH_MAX];
+
+ snprintf(fdpath, sizeof(fdpath), "/proc/self/fd/%d", fd);
+ ret = readlink(fdpath, realpath, PATH_MAX);
+ if (ret < 0)
+ snprintf(realpath, sizeof(realpath), "unknown");
+ else if (ret >= sizeof(realpath))
+ realpath[sizeof(realpath) - 1] = '\0';
+
+ log_error(-errno, "Closing unexpected file descriptor %d -> %s", fd, realpath);
+ }
+
closedir(dir);
goto restart;
}
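Review bot: The readlink of `/proc/self/fd/%d` sits in the else branch, i.e. after close(fd) has already succeeded, so the symlink is gone by then and the log on the following line will always report `unknown`; the lookup has to happen before the close. readlink also never NUL-terminates its output: when it returns a length smaller than the buffer (the common case) nothing terminates `realpath`, and the `%s` in the log message reads uninitialized stack bytes past the link text — only the truncated case is handled. Passing `sizeof(buf) - 1` and setting `buf[ret] = '\0'` closes that, and renaming the buffer avoids shadowing the libc realpath(3) function. The `-errno` handed to the informational log_error is whatever the preceding readlink or close left behind, so it is likely stale; consider logging 0 there or dropping the code. The enclosing function starts outside the hunk (the `restart:` label in the header).
```c
char fdpath[PATH_MAX], fdtarget[PATH_MAX];

/* Resolve the target while the descriptor is still open. */
snprintf(fdpath, sizeof(fdpath), "/proc/self/fd/%d", fd);
ret = readlink(fdpath, fdtarget, sizeof(fdtarget) - 1);
if (ret < 0)
	snprintf(fdtarget, sizeof(fdtarget), "unknown");
else
	fdtarget[ret] = '\0'; /* readlink() does not terminate */

if (close(fd))
	return log_error(-errno, "%s - Failed to close file descriptor %d", strerror(errno), fd);

log_error(-errno, "Closing unexpected file descriptor %d -> %s", fd, fdtarget);
/* … unchanged: closedir(dir); goto restart; … */
```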
@@ -272,7 +286,9 @@ __attribute__ ((noinline)) static int __forkexec(void)
if (!argvp || !*argvp)
return log_error(EXIT_FAILURE, "No command specified");
- close_inherited(fds_to_ignore, ARRAY_SIZE(fds_to_ignore));
+ ret = close_inherited(fds_to_ignore, ARRAY_SIZE(fds_to_ignore));
+ if (ret)
+ return log_error(EXIT_FAILURE, "Aborting attach to prevent leaking file descriptors into container");
ret = fd_cloexec(status_pipe, true);
if (ret)