libcontainer: if close_range fails, fall back to the old way

Signed-off-by: Evan Phoenix <evan@phx.io>
2025-10-13 03:03:56 +08:00 · 2025-01-24 11:54:37 -08:00
parent 111e8dcc0d
commit 33315a0548
1 changed files with 7 additions and 1 deletions
--- a/libcontainer/utils/utils_unix.go
+++ b/libcontainer/utils/utils_unix.go
@@ -103,7 +103,13 @@ func CloseExecFrom(minFd int) error {
 	// Use close_range(CLOSE_RANGE_CLOEXEC) if possible.
 	if haveCloseRangeCloexec() {
 		err := unix.CloseRange(uint(minFd), math.MaxInt32, unix.CLOSE_RANGE_CLOEXEC)
-		return os.NewSyscallError("close_range", err)
+		if err == nil {
+			return nil
+		}
+
+		logrus.Debugf("close_range failed, closing range one at a time (error: %v)", err)
+
+		// If close_range fails, we fall back to the standard loop.
 	}
 	// Otherwise, fall back to the standard loop.
 	return fdRangeFrom(minFd, unix.CloseOnExec)