container: set CLOEXEC via close_range
All checks were successful
Test / Create distribution (push) Successful in 1m2s
Test / Sandbox (push) Successful in 2m44s
Test / Hakurei (push) Successful in 3m42s
Test / ShareFS (push) Successful in 3m46s
Test / Sandbox (race detector) (push) Successful in 5m1s
Test / Hakurei (race detector) (push) Successful in 6m7s
Test / Flake checks (push) Successful in 1m23s
All checks were successful
Test / Create distribution (push) Successful in 1m2s
Test / Sandbox (push) Successful in 2m44s
Test / Hakurei (push) Successful in 3m42s
Test / ShareFS (push) Successful in 3m46s
Test / Sandbox (race detector) (push) Successful in 5m1s
Test / Hakurei (race detector) (push) Successful in 6m7s
Test / Flake checks (push) Successful in 1m23s
This is guarded behind the close_range build tag for now. Signed-off-by: Ophestra <cat@gensokyo.uk>
This commit is contained in:
11
container/syscall_close_range.go
Normal file
11
container/syscall_close_range.go
Normal file
@@ -0,0 +1,11 @@
|
||||
//go:build close_range
|
||||
|
||||
package container
|
||||
|
||||
import "hakurei.app/ext"
|
||||
|
||||
// doCloseOnExec implements ensureCloseOnExec by calling CloseRange with
|
||||
// CLOSE_RANGE_CLOEXEC.
|
||||
func doCloseOnExec() error {
|
||||
return ext.CloseRange(0, ext.MaxUint, ext.CLOSE_RANGE_CLOEXEC)
|
||||
}
|
||||
Reference in New Issue
Block a user