mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-12-26 04:43:09 +03:00
build-fhs-userenv: don't leak file descriptors
This re-uses the capabilities documented in `Process.spawn` to avoid leaking unecessary file-descriptors to the sandbox
This commit is contained in:
parent
c3be340ae0
commit
9b33ec1764
@ -140,10 +140,10 @@ if $cpid == 0
|
||||
link_swdir.call swdir, Pathname.new('')
|
||||
|
||||
# New environment
|
||||
ENV.replace(Hash[ envvars.map { |x| [x, ENV[x]] } ])
|
||||
new_env = Hash[ envvars.map { |x| [x, ENV[x]] } ]
|
||||
|
||||
# Finally, exec!
|
||||
exec *execp
|
||||
exec(new_env, *execp, close_others: true, unsetenv_others: true)
|
||||
end
|
||||
|
||||
# Wait for a child. If we catch a signal, resend it to child and continue
|
||||
|
Loading…
Reference in New Issue
Block a user