attach: move file descriptor closing into attach_context_container()

This reduces the possibility of forgetting to close the namespace file descriptors when we change this codepath. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc · Feb 2, 2021 · 92466fe · 92466fe
1 parent 72a19d2
commit 92466fe
Showing 1 changed file with 12 additions and 10 deletions.
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
@@ -572,23 +572,28 @@ static void put_attach_context(struct attach_context *ctx)
 
 static int attach_context_container(struct attach_context *ctx)
 {
+	int fret = 0;
+
 	for (int i = 0; i < LXC_NS_MAX; i++) {
 		int ret;
 
 		if (ctx->ns_fd[i] < 0)
 			continue;
 
 		ret = setns(ctx->ns_fd[i], ns_info[i].clone_flag);
-		if (ret < 0)
-			return log_error_errno(-1, errno,
-					       "Failed to attach to %s namespace of %d",
-					       ns_info[i].proc_name, ctx->init_pid);
+		if (ret)
+			return log_error_errno(-errno, errno, "Failed to attach to %s namespace of %d", ns_info[i].proc_name, ctx->init_pid);
 
-		DEBUG("Attached to %s namespace of %d",
-		ns_info[i].proc_name, ctx->init_pid);
+		DEBUG("Attached to %s namespace of %d", ns_info[i].proc_name, ctx->init_pid);
+
+		if (close(ctx->ns_fd[i])) {
+			fret = -errno;
+			SYSERROR("Failed to close file descriptor for %s namespace", ns_info[i].proc_name);
+		}
+		ctx->ns_fd[i] = -EBADF;
 	}
 
-	return 0;
+	return fret;
 }
 
 /*
@@ -1436,9 +1441,6 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
 			_exit(EXIT_FAILURE);
 		}
 
-		/* close namespace file descriptors */
-		close_nsfds(ctx);
-
 		/* Attach succeeded, try to cwd. */
 		if (options->initial_cwd)
 			new_cwd = options->initial_cwd;