execute: make sure JoinsNamespaceOf= doesn't leak ns fds to executed processes
This commit is contained in:
parent
fe048ce56a
commit
33df919d5c
|
@ -3062,7 +3062,7 @@ int exec_runtime_make(ExecRuntime **rt, ExecContext *c, const char *id) {
|
|||
return r;
|
||||
|
||||
if (c->private_network && (*rt)->netns_storage_socket[0] < 0) {
|
||||
if (socketpair(AF_UNIX, SOCK_DGRAM, 0, (*rt)->netns_storage_socket) < 0)
|
||||
if (socketpair(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0, (*rt)->netns_storage_socket) < 0)
|
||||
return -errno;
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue