Close original pipe end after dup2 in child process

This avoids "leaking" duplicated file descriptors in the child process. This also allows the child process to signal the end of its processing by closing its stdout and stderr. This can now be reliably detected by the parent process, if needed. Bug: chromium:1009857 Test: Unit tests pass Change-Id: Ie1cd4ff9e95f18e423df007f88bfff34456346f3
author: François Degros <fdegros@chromium.org> 2019-10-01 12:06:42 +1000
committer: François Degros <fdegros@chromium.org> 2019-10-17 16:32:51 +1100
commit: a8be2c42e3028b7a68ad6f993dfdd44054bdad39 (patch)
tree: d130fb6b2b27fe9efc4b6a701453b6aa3e0de7c7 /system.c
parent: 47e63358c05accc13dd37e604ae9c990eb2b7608 (diff)
download: minijail-a8be2c42e3028b7a68ad6f993dfdd44054bdad39.tar.gz
1 files changed, 6 insertions, 3 deletions
diff --git a/system.c b/system.c
index 175e088..118daf4 100644
--- a/system.c
+++ b/system.c
@@ -222,14 +222,17 @@ int setup_pipe_end(int fds[2], size_t index)
 	return fds[index];
 }
 
-int setup_and_dupe_pipe_end(int fds[2], size_t index, int fd)
+int dupe_and_close_fd(int fds[2], size_t index, int fd)
 {
 	if (index > 1)
 		return -1;
 
-	close(fds[1 - index]);
 	/* dup2(2) the corresponding end of the pipe into |fd|. */
-	return dup2(fds[index], fd);
+	fd = dup2(fds[index], fd);
+
+	close(fds[0]);
+	close(fds[1]);
+	return fd;
 }
 
 int write_pid_to_path(pid_t pid, const char *path)
author	François Degros <fdegros@chromium.org>	2019-10-01 12:06:42 +1000
committer	François Degros <fdegros@chromium.org>	2019-10-17 16:32:51 +1100
commit	a8be2c42e3028b7a68ad6f993dfdd44054bdad39 (patch)
tree	d130fb6b2b27fe9efc4b6a701453b6aa3e0de7c7 /system.c
parent	47e63358c05accc13dd37e604ae9c990eb2b7608 (diff)
download	minijail-a8be2c42e3028b7a68ad6f993dfdd44054bdad39.tar.gz