diff options
| author | Michael Stone <michael@laptop.org> | 2009-03-11 04:36:30 (GMT) |
|---|---|---|
| committer | Michael Stone <michael@laptop.org> | 2009-03-11 04:36:30 (GMT) |
| commit | 9ca6ebd0894f314e314fa5ba72541d6b55834bab (patch) | |
| tree | 7477e2257955deaaf9e33e0edea2ce612b4c2460 /rainbow | |
| parent | b924bf7fb57a8984cce68d17ef3793b0752e2175 (diff) | |
Close fds before running assistants.
Diffstat (limited to 'rainbow')
| -rw-r--r-- | rainbow/rainbow/inject.py | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/rainbow/rainbow/inject.py b/rainbow/rainbow/inject.py index 991daa9..c94d2ef 100644 --- a/rainbow/rainbow/inject.py +++ b/rainbow/rainbow/inject.py @@ -97,7 +97,7 @@ def mount_fsen(log, home): #mount('tmpfs', '/tmp', 'tmpfs', 0, '') mount('tmpfs', '/var/tmp', 'tmpfs', 0, '') -def run_assistant(log, assistant, env, owner_uid, owner_gid, uid, groups): +def run_assistant(log, assistant, env, owner_uid, owner_gid, uid, groups, safe_fds): if assistant: envdir = None try: @@ -113,6 +113,11 @@ def run_assistant(log, assistant, env, owner_uid, owner_gid, uid, groups): setgroups(groups) setgid(owner_gid) setuid(owner_uid) + log(1, 'Closing fds.') + for fd in get_fds(): + if fd not in safe_fds: + try: os.close(fd) # propagate failure from EIO or EBADF. + except: pass log(1, 'Running assistant.') assistant_argv = [assistant, '-v', '-v', '-v', '-u', str(uid), '-e', envdir] log(1, '%r %r', assistant_argv, env) |