BUG/MEDIUM: namespace: fix fd leak in master-worker mode

When namespaces are used in the configuration, the respective namespace handles
are opened during config parsing and stored in an ebtree for lookup later.

Unfortunately, when the master process re-execs itself these file descriptors
were not closed, effectively leaking the fds and preventing destruction of
namespaces no longer present in the configuration.

This change fixes this issue by opening the namespace file handles as
close-on-exec, making sure that they will be closed during re-exec.

(cherry picked from commit 538aa7168fca1adf2ecd0aa4a47e6b8856275f55)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/namespace.c b/src/namespace.c
index d1d8a47..f23da48 100644
--- a/src/namespace.c
+++ b/src/namespace.c
@@ -25,7 +25,7 @@
{
if (chunk_printf(&trash, "/var/run/netns/%s", ns_name) < 0)
return -1;
- return open(trash.area, O_RDONLY);
+ return open(trash.area, O_RDONLY | O_CLOEXEC);
}
static int default_namespace = -1;
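Review bot: the changed open() call on "/var/run/netns/%s" has no comment saying why O_CLOEXEC is required, so a later refactor could drop the flag and silently bring the leak back. A one-line comment above the return, noting that the master re-execs itself and must not carry namespace fds across the exec, would protect it. Passing the flag to open() itself is the right form, since it sets close-on-exec atomically with the descriptor's creation; a separate fcntl(fd, F_SETFD, FD_CLOEXEC) after the open would leave a window and should not replace it.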
@@ -34,7 +34,7 @@
{
if (chunk_printf(&trash, "/proc/%d/ns/net", getpid()) < 0)
return -1;
- default_namespace = open(trash.area, O_RDONLY);
+ default_namespace = open(trash.area, O_RDONLY | O_CLOEXEC);
return default_namespace;
}
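Review bot: the assignment to default_namespace is unconditional, so nothing in the visible lines stops a second call within the same process from overwriting a descriptor that is still open, which O_CLOEXEC does not help with because no exec happens in between. If the callers do not already guarantee a single call, an early return when default_namespace is not -1 would close that gap. As a minor style point on the same lines, "/proc/self/ns/net" names the same file as the "/proc/%d/ns/net" plus getpid() formatting and would remove the chunk_printf failure path.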