13 Feb
2023
13 Feb
'23
2:15 a.m.
On Tue, 7 Feb 2023 16:10:46 +0100
Paul Holzinger
When spawning a child command with pasta command... pasta should not leak fds that it opened. Only the fds that were already open should be given to the child.
Run `pasta --config-net -- ls -l /proc/self/fd` from a terminal where only stdin/out/err are open. The fd 3 was opend by ls to read the /proc/self/fd dir. But fd 5 is the netlink socket that was opend in pasta. To prevent such a leak we will open the socket with SOCK_CLOEXEC.
Signed-off-by: Paul Holzinger
Applied. -- Stefano