Unshare files on exec

The current task can share its fdtable with a few other tasks, but after exec, this should be a completely separate process. PiperOrigin-RevId: 314999565
author: Andrei Vagin <avagin@google.com> 2020-06-05 14:43:56 -0700
committer: gVisor bot <gvisor-bot@google.com> 2020-06-05 14:45:32 -0700
commit: 8c1f5b5cd8b634a5e7255944f42e82c5c9de3149 (patch)
tree: e74456e75368909f69ea837fb9ec089e18058802 /pkg/sentry/kernel/task_exec.go
parent: e4e11f2798db1c063e588383e237f1f5b06809db (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/pkg/sentry/kernel/task_exec.go b/pkg/sentry/kernel/task_exec.go
index 00c425cca..9b69f3cbe 100644
--- a/pkg/sentry/kernel/task_exec.go
+++ b/pkg/sentry/kernel/task_exec.go
@@ -198,6 +198,10 @@ func (r *runSyscallAfterExecStop) execute(t *Task) taskRunState {
 	t.tg.oldRSeqCritical.Store(&OldRSeqCriticalRegion{})
 	t.tg.pidns.owner.mu.Unlock()
 
+	oldFDTable := t.fdTable
+	t.fdTable = t.fdTable.Fork()
+	oldFDTable.DecRef()
+
 	// Remove FDs with the CloseOnExec flag set.
 	t.fdTable.RemoveIf(func(_ *fs.File, _ *vfs.FileDescription, flags FDFlags) bool {
 		return flags.CloseOnExec
author	Andrei Vagin <avagin@google.com>	2020-06-05 14:43:56 -0700
committer	gVisor bot <gvisor-bot@google.com>	2020-06-05 14:45:32 -0700
commit	8c1f5b5cd8b634a5e7255944f42e82c5c9de3149 (patch)
tree	e74456e75368909f69ea837fb9ec089e18058802 /pkg/sentry/kernel/task_exec.go
parent	e4e11f2798db1c063e588383e237f1f5b06809db (diff)