mirror/flatpak
1
0
Fork 0
mirror of https://github.com/flatpak/flatpak.git synced 2026-04-21 07:23:52 -04:00
Code Issues Packages Projects Releases Wiki Activity

app, context: Never close fds 0, 1 or 2

Browse Source 
These fds are stdin, stdout and stderr respectively, and are expected
to remain open at all times (if they are not needed then they can point
to /dev/null, but they should always be open). If the user gives us
`--env-fd=2` or similar, we don't want to close fd 2 before exiting
unsuccessfully: that would give us nowhere to display the error message.

Signed-off-by: Simon McVittie <smcv@collabora.com>
This commit is contained in:
Simon McVittie
2026-04-10 14:00:14 +01:00
parent f5f70a511e
commit c4ab58cd2e
2 changed files with 26 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
app/flatpak-builtins-run.c
View File

@@ -80,7 +80,11 @@ option_bind_fd_cb (const char *option_name,
return FALSE;
if (fd < 3)
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
{
/* Don't close these fds! */
fd = -1;
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
}
if (!flatpak_set_cloexec (fd))
return glnx_throw_errno_prefix (error, "--bind-fd");
@@ -103,7 +107,10 @@ option_ro_bind_fd_cb (const char *option_name,
return FALSE;
if (fd < 3)
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
{
fd = -1;
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
}
if (!flatpak_set_cloexec (fd))
return glnx_throw_errno_prefix (error, "--ro-bind-fd");
@@ -126,7 +133,10 @@ opt_instance_id_fd_cb (const char *option_name,
return FALSE;
if (fd < 3)
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
{
fd = -1;
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
}
if (!flatpak_set_cloexec (fd))
return glnx_throw_errno_prefix (error, "--instance-id-fd");
@@ -148,7 +158,10 @@ opt_app_fd_cb (const char *option_name,
return FALSE;
if (fd < 3)
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
{
fd = -1;
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
}
if (!flatpak_set_cloexec (fd))
return glnx_throw_errno_prefix (error, "--app-fd");
@@ -170,7 +183,10 @@ opt_usr_fd_cb (const char *option_name,
return FALSE;
if (fd < 3)
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
{
fd = -1;
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
}
if (!flatpak_set_cloexec (fd))
return glnx_throw_errno_prefix (error, "--usr-fd");

6
common/flatpak-context.c
View File

@@ -2439,7 +2439,11 @@ option_env_fd_cb (const gchar *option_name,
return FALSE;
if (fd < 3)
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
{
/* Don't close these fds! */
fd = -1;
return glnx_throw (error, "File descriptors 0, 1, 2 are reserved");
}
/* This is not strictly necessary, because we're going to close it after
* parsing the environment block, but let's be consistent with other fd