On Tue, 7 Apr 2026 10:27:04 +0200 Johannes Segitz wrote:
On Thu, Apr 02, 2026 at 03:36:58PM +0200, Paul Holzinger wrote:
I did a quick spot check in Podman and found a few places where a fd might be leaked: https://github.com/containers/podman/pull/28434
That said I do not think any of these would explain an open /dev/dri path.
I built podman with the change (and passt with the broader fd closing logic) and asked the reporter to test them. The denial is still shown with this, unfortunately.
Johannes, thanks for reporting back.

Paul, I was wondering: would there be a way to do something equivalent to that close_range() directly in Podman, before it starts pasta? I think it's a separate thread (or even a forked process) starting it, but I haven't really checked.

--
Stefano
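As an added illustration of the idea raised in the message above (not code from Podman, passt, or anyone in this thread): a Go sketch that walks /proc/self/fd and sets FD_CLOEXEC on every inherited descriptor from 3 upward, so that nothing the parent was started with survives into a helper it execs. It stands in for close_range() rather than calling it; the function names are hypothetical, and it assumes Linux with /proc mounted.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"syscall"
)

// fdFlags returns the descriptor flags (F_GETFD) of fd.
func fdFlags(fd int) (int, error) {
	r, _, e := syscall.Syscall(syscall.SYS_FCNTL, uintptr(fd), syscall.F_GETFD, 0)
	if e != 0 {
		return 0, e
	}
	return int(r), nil
}

// markInheritableCloexec (hypothetical helper) sets FD_CLOEXEC on every open
// descriptor >= minFd that lacks it and returns the descriptors it changed.
func markInheritableCloexec(minFd int) ([]int, error) {
	entries, err := os.ReadDir("/proc/self/fd")
	if err != nil {
		return nil, err
	}
	var changed []int
	for _, e := range entries {
		fd, err := strconv.Atoi(e.Name())
		if err != nil || fd < minFd {
			continue
		}
		flags, err := fdFlags(fd)
		if err != nil { // e.g. the directory fd used for the listing, already closed
			continue
		}
		if flags&syscall.FD_CLOEXEC == 0 {
			syscall.CloseOnExec(fd) // stays usable here, is closed on exec
			changed = append(changed, fd)
		}
	}
	return changed, nil
}

func main() {
	changed, err := markInheritableCloexec(3)
	fmt.Println("newly close-on-exec:", changed, "error:", err)
}
```

Logging the returned descriptors together with their /proc/self/fd link targets before the exec would also show which inherited paths the child could otherwise have reached.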