libct: mountFd: close mountFile on error

Reported in issue 5008.

Reported-by: Arina Cherednik <arinacherednik034@gmail.com>
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
Kir Kolyshkin
2025-11-12 13:35:24 -08:00
parent c24965b742
commit 8a9b4dcda6


@@ -250,7 +250,7 @@ func syscallMode(i fs.FileMode) (o uint32) {
// process will need to do an old-fashioned mount(2) themselves.
//
// This helper is only intended to be used by goCreateMountSources.
func mountFd(nsHandles *userns.Handles, m *configs.Mount) (*mountSource, error) {
func mountFd(nsHandles *userns.Handles, m *configs.Mount) (_ *mountSource, retErr error) {
if !m.IsBind() {
return nil, errors.New("new mount api: only bind-mounts are supported")
}
@@ -261,6 +261,11 @@ func mountFd(nsHandles *userns.Handles, m *configs.Mount) (*mountSource, error)
var mountFile *os.File
var sourceType mountSourceType
defer func() {
if retErr != nil && mountFile != nil {
mountFile.Close()
}
}()
// Ideally, we would use OPEN_TREE_CLONE for everything, because we can
// be sure that the file descriptor cannot be used to escape outside of