From 87373a837f6d4b1140ba2bcda306328fc02bf4e9 Mon Sep 17 00:00:00 2001
From: Jamie Liu <jamieliu@google.com>
Date: Thu, 23 Oct 2025 14:04:19 -0700
Subject: [PATCH] runsc/cmd: fix unintended FD closing in gofer

PiperOrigin-RevId: 823179726
---
 runsc/cmd/gofer.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/runsc/cmd/gofer.go b/runsc/cmd/gofer.go
index 97884ccda8..629f38ca5e 100644
--- a/runsc/cmd/gofer.go
+++ b/runsc/cmd/gofer.go
@@ -193,7 +193,6 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...any) subcomm
 			defer cleanupUnmounter()
 		}
 	}
-	goferToHostRPC.Close()
 	if g.applyCaps {
 		overrides := g.syncFDs.flags()
 		overrides["apply-caps"] = "false"
@@ -207,6 +206,11 @@ func (g *Gofer) Execute(_ context.Context, f *flag.FlagSet, args ...any) subcomm
 		panic("unreachable")
 	}
 
+	// This can't happen until after setCapsAndCallSelf(), since otherwise the
+	// re-executed gofer may reuse goferToHostRPCFD's file descriptor for an
+	// unrelated file.
+	goferToHostRPC.Close()
+
 	// Start profiling. This will be a noop if no profiling arguments were passed.
 	profileOpts := profile.MakeOpts(&g.profileFDs, conf.ProfileGCInterval)
 	g.stopProfiling = profile.Start(profileOpts)