ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-12-26 04:43:09 +03:00
Code Issues Projects Releases Wiki Activity

build-fhs-userenv: don't leak file descriptors

Browse Source 
This re-uses the capabilities documented in `Process.spawn` to avoid leaking
unecessary file-descriptors to the sandbox
This commit is contained in:
zimbatm 2015-12-10 16:01:04 +00:00
parent c3be340ae0
commit 9b33ec1764
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/build-support/build-fhs-userenv/chroot-user.rb
View File

@ -140,10 +140,10 @@ if $cpid == 0
link_swdir.call swdir, Pathname.new('') link_swdir.call swdir, Pathname.new('')
# New environment # New environment
ENV.replace(Hash[ envvars.map { |x| [x, ENV[x]] } ]) new_env = Hash[ envvars.map { |x| [x, ENV[x]] } ]
# Finally, exec! # Finally, exec!
exec *execp exec(new_env, *execp, close_others: true, unsetenv_others: true)
end end
# Wait for a child. If we catch a signal, resend it to child and continue # Wait for a child. If we catch a signal, resend it to child and continue