Skip to content

libct: always close m.dstFile in mountToRootfs #5024

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
lifubang wants to merge 1 commit into from
Closed

libct: always close m.dstFile in mountToRootfs #5024

lifubang wants to merge 1 commit into from

Conversation

@lifubang
Copy link
Member

@lifubang lifubang commented Nov 18, 2025

No description provided.

cyphar
cyphar reviewed Nov 18, 2025
View reviewed changes
lifubang
lifubang commented Nov 18, 2025
View reviewed changes
libcontainer/rootfs_linux.go
defer dstFile.Close()
// "proc" and "sys" mounts need special handling (without resolving the
// destination) to avoid attacks.
m.dstFile = dstFile
Copy link
Member Author

@lifubang lifubang Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The leak happened in here.

Copy link
Member Author

@lifubang lifubang Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In fact, it happened in here: https://github.com/lifubang/runc/blob/c932c565b341eac8ac2be7f9762fa6bcfb06d027/libcontainer/rootfs_linux.go#L1454-L1455

Copy link
Member

@cyphar cyphar Nov 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah I see. I was confused because the line you linked here cannot be a leak, but the re-open is the issue. That's quite tricky, thanks for finding it...

@lifubang lifubang requested a review from Copilot November 18, 2025 11:35
Copilot AI reviewed Nov 18, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR moves the defer statement that closes m.dstFile from after the createOpenMountpoint call to the beginning of the mountToRootfs function. The intent is to ensure that m.dstFile is always closed regardless of which execution path is taken through the function.

  • Relocated the defer cleanup for m.dstFile to the function entry point for more comprehensive resource management

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@cyphar cyphar added easy-to-review backport/1.2-todo A PR in main branch which needs to be backported to release-1.2 backport/1.3-todo A PR in main branch which needs to be backported to release-1.3 backport/1.4-todo A PR in main branch which needs to backported to release-1.4 labels Nov 18, 2025
@lifubang lifubang force-pushed the fix-fd-leak-in-mountToRootfs branch from c932c56 to b644a90 Compare November 19, 2025 01:48
@cyphar cyphar self-requested a review November 19, 2025 05:31
cyphar
cyphar requested changes Nov 19, 2025
View reviewed changes
libcontainer/rootfs_linux.go
if err != nil {
return err
}
defer dstFile.Close()
Copy link
Member

@cyphar cyphar Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't think it's necessary to remove this -- having the defer is clearer and Go allows for calling Close on the same *os.File multiple times without issue (they are no-ops).

Copy link
Member Author

@lifubang lifubang Nov 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, there’s no harm in keeping it. If removal isn’t necessary, I’ll revert to leaving it as is.

@lifubang lifubang force-pushed the fix-fd-leak-in-mountToRootfs branch from b644a90 to c932c56 Compare November 19, 2025 12:44
@cyphar
Copy link
Member

cyphar commented Nov 19, 2025
edited
Loading

I've released v0.5.2 and v0.6.1 of filepath-securejoin which includes the leak fix you sent -- do you want to consolidate all of the leak fixes into one PR so it's a bit easier to review? (For 1.2.x and 1.3.x I would update go-selinux to v1.13.1 so that we can downgrade filepath-securejoin to v0.5.2 -- for 1.4.x I think we can just use the newer one.)

@lifubang
Copy link
Member Author

lifubang commented Nov 20, 2025

do you want to consolidate all of the leak fixes into one PR so it's a bit easier to review?

#5026

@lifubang lifubang mentioned this pull request Nov 20, 2025
Merged
@cyphar
Copy link
Member

cyphar commented Nov 20, 2025

This has been cherry-picked into #5026, closing in favour of that.

@cyphar cyphar closed this Nov 20, 2025
This was referenced Nov 20, 2025
Merged
Merged
Merged
@cyphar cyphar removed backport/1.2-todo A PR in main branch which needs to be backported to release-1.2 backport/1.3-todo A PR in main branch which needs to be backported to release-1.3 backport/1.4-todo A PR in main branch which needs to backported to release-1.4 labels Nov 26, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cyphar cyphar cyphar requested changes

Assignees

No one assigned

Labels

easy-to-review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@lifubang @cyphar