fsgopher: reopen files via /proc/self/fd

When we reopen file by path, we can't be sure that we will open exactly the same file. The file can be deleted and another one with the same name can be created. PiperOrigin-RevId: 254898594
author: Andrei Vagin <avagin@google.com> 2019-06-24 21:43:14 -0700
committer: gVisor bot <gvisor-bot@google.com> 2019-06-24 21:44:27 -0700
commit: fd16a329ce0c9fa1e7dd4c0fc1edc201f4c19571 (patch)
tree: 416f77c16bf0a39b0b7f6495dc80184f153b99ea /runsc/cmd
parent: e9ea7230f7dc70d3e1bb5ae32b6927209cafb465 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go
index 52609a57a..9faabf494 100644
--- a/runsc/cmd/gofer.go
+++ b/runsc/cmd/gofer.go
@@ -152,6 +152,10 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...interface{})
 	// modes exactly as sent by the sandbox, which will have applied its own umask.
 	syscall.Umask(0)
 
+	if err := fsgofer.OpenProcSelfFD(); err != nil {
+		Fatalf("failed to open /proc/self/fd: %v", err)
+	}
+
 	if err := syscall.Chroot(root); err != nil {
 		Fatalf("failed to chroot to %q: %v", root, err)
 	}
author	Andrei Vagin <avagin@google.com>	2019-06-24 21:43:14 -0700
committer	gVisor bot <gvisor-bot@google.com>	2019-06-24 21:44:27 -0700
commit	fd16a329ce0c9fa1e7dd4c0fc1edc201f4c19571 (patch)
tree	416f77c16bf0a39b0b7f6495dc80184f153b99ea /runsc/cmd
parent	e9ea7230f7dc70d3e1bb5ae32b6927209cafb465 (diff)