mirror of https://github.com/NixOS/nixpkgs.git synced 2024-09-11 15:08:33 +01:00

build-fhs-userenv: don't leak file descriptors

This re-uses the capabilities documented in `Process.spawn` to avoid leaking
unnecessary file descriptors to the sandbox.
zimbatm 2015-12-10 16:01:04 +00:00
parent c3be340ae0
commit 9b33ec1764


@ -140,10 +140,10 @@ if $cpid == 0
link_swdir.call swdir, Pathname.new('') link_swdir.call swdir, Pathname.new('')
# New environment # New environment
ENV.replace(Hash[ envvars.map { |x| [x, ENV[x]] } ]) new_env = Hash[ envvars.map { |x| [x, ENV[x]] } ]
# Finally, exec! # Finally, exec!
exec *execp exec(new_env, *execp, close_others: true, unsetenv_others: true)
end end
# Wait for a child. If we catch a signal, resend it to child and continue # Wait for a child. If we catch a signal, resend it to child and continue
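Review bot: The comment above the new `exec` call still reads `# Finally, exec!` and does not say that `close_others: true` and `unsetenv_others: true` are what keep the caller's descriptors and environment out of the sandbox, so a later cleanup could drop them unnoticed. I would replace it with `# exec with only the variables named in envvars and with every fd other than stdin/stdout/stderr closed`. The three standard streams are still inherited, which looks intended here but is worth stating in that comment. The enclosing `if $cpid == 0` block begins outside the hunk, so how `execp` is built is not visible; if it can ever hold a single string, Ruby may hand it to the shell, so confirm it is always a program plus separate arguments.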