From d97ccfa346d23d99dcbe634a10fa5d81b089100d Mon Sep 17 00:00:00 2001
From: Fabricio Voznika
Date: Fri, 9 Nov 2018 14:53:24 -0800
Subject: Close donated files if containerManager.Start() fails

PiperOrigin-RevId: 220869535
Change-Id: I9917e5daf02499f7aab6e2aa4051c54ff4461b9a
---
 runsc/boot/controller.go | 6 ++++++
 runsc/boot/loader.go | 4 ++--
 2 files changed, 8 insertions(+), 2 deletions(-)
(limited to 'runsc')

diff --git a/runsc/boot/controller.go b/runsc/boot/controller.go
index 568aad117..7a1f42119 100644
--- a/runsc/boot/controller.go
+++ b/runsc/boot/controller.go
@@ -213,6 +213,12 @@ type StartArgs struct {
 func (cm *containerManager) Start(args *StartArgs, _ *struct{}) error {
 log.Debugf("containerManager.Start: %+v", args)
+ defer func() {
+ for _, f := range args.FilePayload.Files {
+ f.Close()
+ }
+ }()
+
 // Validate arguments.
 if args == nil {
 return errors.New("start missing arguments")
diff --git a/runsc/boot/loader.go b/runsc/boot/loader.go
index 946ddfd47..d953bb783 100644
--- a/runsc/boot/loader.go
+++ b/runsc/boot/loader.go
@@ -515,7 +515,8 @@ func (l *Loader) createContainer(cid string) error {
 }
 // startContainer starts a child container. It returns the thread group ID of
-// the newly created process.
+// the newly created process. Caller owns 'files' and may close them after
+// this method returns.
 func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config, cid string, files []*os.File) error {
 // Create capabilities.
 caps, err := specutils.Capabilities(spec.Process.Capabilities)
@@ -553,7 +554,6 @@ func (l *Loader) startContainer(k *kernel.Kernel, spec *specs.Spec, conf *Config
 if err != nil {
 return fmt.Errorf("failed to dup file: %v", err)
 }
- f.Close()
 ioFDs = append(ioFDs, fd)
 }
--
cgit v1.2.3
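Review bot: The deferred closure added at the top of `Start` reads `args.FilePayload.Files`, but it is registered before the `if args == nil` validation that follows, so a nil `args` would return "start missing arguments" and then panic on a nil-pointer dereference when the defer runs. Whether the RPC layer can actually deliver a nil `args` is not visible here, but the existing check treats it as possible, and a panic in the sandbox's control handler is worse than the error it replaces. Register the defer after the nil check (there are no donated files to close when `args` is nil), or make `if args == nil { return }` the first line of the closure. The `f.Close()` results are dropped; a brief comment that this is deliberate best-effort cleanup would make that explicit. `Start`'s body continues outside the hunk.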
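Review bot: The doc comment on `startContainer` still says it "returns the thread group ID of the newly created process", while the signature shown in the same hunk returns only `error`. Since this comment is being edited to state the ownership contract, the stale sentence should go at the same time, for example `// startContainer starts a child container. Caller owns 'files' and may close`, followed by `// them after this method returns.` It would also help to say in that comment that the function duplicates each descriptor it keeps, since that is what makes closing by the caller safe.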