From 8c1f5b5cd8b634a5e7255944f42e82c5c9de3149 Mon Sep 17 00:00:00 2001
From: Andrei Vagin
Date: Fri, 5 Jun 2020 14:43:56 -0700
Subject: Unshare files on exec

The current task can share its fdtable with a few other tasks, but after exec, this should be a completely separate process.

PiperOrigin-RevId: 314999565
---
 pkg/sentry/kernel/task_exec.go | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'pkg/sentry/kernel/task_exec.go')

diff --git a/pkg/sentry/kernel/task_exec.go b/pkg/sentry/kernel/task_exec.go
index 00c425cca..9b69f3cbe 100644
--- a/pkg/sentry/kernel/task_exec.go
+++ b/pkg/sentry/kernel/task_exec.go
@@ -198,6 +198,10 @@ func (r *runSyscallAfterExecStop) execute(t *Task) taskRunState {
 t.tg.oldRSeqCritical.Store(&OldRSeqCriticalRegion{})
 t.tg.pidns.owner.mu.Unlock()
 
+ oldFDTable := t.fdTable
+ t.fdTable = t.fdTable.Fork()
+ oldFDTable.DecRef()
+
 // Remove FDs with the CloseOnExec flag set.
 t.fdTable.RemoveIf(func(_ *fs.File, _ *vfs.FileDescription, flags FDFlags) bool {
 return flags.CloseOnExec
-- 
cgit v1.2.3
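Review bot: The new `t.fdTable = t.fdTable.Fork()` assignment runs right after `t.tg.pidns.owner.mu.Unlock()`, so no lock visible in this hunk covers the pointer swap; if other goroutines can read this task's `t.fdTable` (not visible here), the write should happen under whatever mutex those readers take, with `oldFDTable.DecRef()` called only after that mutex is released. The block also deserves a comment stating the ordering invariant, e.g. `// Unshare the FD table first: the close-on-exec pass below must not touch a table other tasks still share.` A regression test that execs from a task sharing its FD table and checks that the other task's close-on-exec descriptors are still open would pin the isolation property. `execute` starts before and continues past this hunk, so locking taken elsewhere in the function cannot be ruled out from here.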