* After authentication, systemd provides file descriptors.
These descriptors are problematic when we run exec - the new process
usually doesn't have access to these file descriptors.
* We came up with this resolution - close all file descriptors
before running exec. This works well enough in our testing environment.
---
src/do_command.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/do_command.c b/src/do_command.c
index 1239686..33d1a35 100644
--- a/src/do_command.c
+++ b/src/do_command.c
@@ -246,6 +246,12 @@ static int child_process(entry * e, char **jobenv) {
_exit(OK_EXIT);
}
#endif /*DEBUGGING*/
+ /* Close file descriptors so they will not leak into exec'ed command */
+ int fd;
+ int fdmax = getdtablesize();
+ for( fd = 3; fd < fdmax; fd++){
+ close(fd);
+ }
execle(shell, shell, "-c", e->cmd, (char *) 0, jobenv);
fprintf(stderr, "execl: couldn't exec `%s'\n", shell);
perror("execl");
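Review bot: The loop bound `getdtablesize()` is the current soft descriptor limit, not the highest open descriptor, so a descriptor opened before the limit was lowered would still be inherited across the `execle`. Under a very large limit, every job also pays for that many `close()` calls. Where the platform provides it, `closefrom(3);` closes everything from 3 upward regardless of the limit, and the loop can stay as the portable fallback. `int fd;` and `int fdmax = getdtablesize();` also appear to be declared after statements in the block, which a C89 build would reject, so confirm the project's C standard or move them to the top of the enclosing block. child_process begins and ends outside this hunk.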
--
1.9.0