File descriptor leak in joinSandboxNetNs() due to missing close on namespace fd

### Affected File

`pkg/unikontainers/unikontainers.go`
Function: `joinSandboxNetNs()`

---

### Problem

The file descriptor returned by `unix.Open` is never closed after `unix.Setns`, causing a leak on both success and error paths.

```go
fd, err := unix.Open(netNsPath, unix.O_RDONLY|unix.O_CLOEXEC, 0)
if err != nil {
    return err
}

err = unix.Setns(int(fd), unix.CLONE_NEWNET)
if err != nil {
    return err // fd leaks
}

return nil // fd leaks
```

---

### Impact

Repeated calls can exhaust file descriptors in long-running processes, leading to errors like `EMFILE`.

---

### Proposed Fix

Add:

```go
defer unix.Close(fd)
```

right after `unix.Open` to ensure cleanup on all paths.




Provide feedback

Saved searches

Use saved searches to filter your results more quickly

File descriptor leak in joinSandboxNetNs() due to missing close on namespace fd #609

Affected File

Problem

Impact

Proposed Fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

File descriptor leak in joinSandboxNetNs() due to missing close on namespace fd #609

Description

Affected File

Problem

Impact

Proposed Fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions