@@ -230,12 +230,9 @@ void ForkServer::CreateInitialNamespaces() {
230230 }
231231 Comms setup_comms (setup_socketpair.sock [0 ].Release ());
232232 setup_socketpair.sock [1 ].Close ();
233- int raw_userns_fd;
234- SAPI_RAW_CHECK (setup_comms.RecvFD (&raw_userns_fd), " receiving userns fd" );
235- initial_userns_fd_ = FDCloser (raw_userns_fd);
236- int raw_mntns_fd;
237- SAPI_RAW_CHECK (setup_comms.RecvFD (&raw_mntns_fd), " receiving mntns fd" );
238- initial_mntns_fd_ = FDCloser (raw_mntns_fd);
233+ SAPI_RAW_CHECK (setup_comms.RecvFD (&initial_userns_fd_),
234+ " receiving userns fd" );
235+ SAPI_RAW_CHECK (setup_comms.RecvFD (&initial_mntns_fd_), " receiving mntns fd" );
239236}
240237
241238void ForkServer::CreateInitialNamespacesImpl (Comms setup_comms) {
@@ -251,14 +248,14 @@ void ForkServer::CreateInitialNamespacesImpl(Comms setup_comms) {
251248 Namespace::InitializeInitialNamespaces (uid, gid);
252249 SAPI_RAW_PCHECK (chroot (" /realroot" ) == 0 ,
253250 " chrooting prior to dumping coverage" );
254- int userns_fd =
255- open (absl::StrCat (" /proc/self/ns/user" ).c_str (), O_RDONLY | O_CLOEXEC );
256- SAPI_RAW_PCHECK (userns_fd != -1 , " getting initial userns fd" );
257- int mntns_fd =
258- open (absl::StrCat (" /proc/self/ns/mnt" ).c_str (), O_RDONLY | O_CLOEXEC );
259- SAPI_RAW_PCHECK (mntns_fd != -1 , " getting initial mntns fd" );
260- SAPI_RAW_CHECK (setup_comms.SendFD (userns_fd), " sending mntns fd" );
261- SAPI_RAW_CHECK (setup_comms.SendFD (mntns_fd), " sending mntns fd" );
251+ FDCloser userns_fd (
252+ open (absl::StrCat (" /proc/self/ns/user" ).c_str (), O_RDONLY | O_CLOEXEC )) ;
253+ SAPI_RAW_PCHECK (userns_fd. get () != -1 , " getting initial userns fd" );
254+ FDCloser mntns_fd (
255+ open (absl::StrCat (" /proc/self/ns/mnt" ).c_str (), O_RDONLY | O_CLOEXEC )) ;
256+ SAPI_RAW_PCHECK (mntns_fd. get () != -1 , " getting initial mntns fd" );
257+ SAPI_RAW_CHECK (setup_comms.SendFD (userns_fd. get () ), " sending mntns fd" );
258+ SAPI_RAW_CHECK (setup_comms.SendFD (mntns_fd. get () ), " sending mntns fd" );
262259}
263260
264261void ForkServer::CreateForkserverSharedNetworkNamespace () {
@@ -280,18 +277,17 @@ void ForkServer::CreateForkserverSharedNetworkNamespace() {
280277 }
281278 Comms setup_comms (setup_socketpair.sock [0 ].Release ());
282279 setup_socketpair.sock [1 ].Close ();
283- int raw_netns_fd;
284- SAPI_RAW_CHECK (setup_comms.RecvFD (&raw_netns_fd), " receiving netns fd" );
285- shared_netns_fd_ = FDCloser (raw_netns_fd);
280+ SAPI_RAW_CHECK (setup_comms.RecvFD (&shared_netns_fd_), " receiving netns fd" );
286281}
287282
288283void ForkServer::CreateEmptyNetworkNamespaceImpl (Comms setup_comms) {
289284 SAPI_RAW_PCHECK (setns (initial_userns_fd_.get (), CLONE_NEWUSER ) == 0 ,
290285 " joining initial user namespace" );
291286 SAPI_RAW_PCHECK (unshare (CLONE_NEWNET ) == 0 , " unsharing netns" );
292- int netns_fd =
293- open (absl::StrCat (" /proc/self/ns/net" ).c_str (), O_RDONLY | O_CLOEXEC );
294- SAPI_RAW_CHECK (setup_comms.SendFD (netns_fd), " sending mntns fd" );
287+ FDCloser netns_fd (
288+ open (absl::StrCat (" /proc/self/ns/net" ).c_str (), O_RDONLY | O_CLOEXEC ));
289+ SAPI_RAW_PCHECK (netns_fd.get () != -1 , " getting netns fd" );
290+ SAPI_RAW_CHECK (setup_comms.SendFD (netns_fd.get ()), " sending mntns fd" );
295291}
296292
297293} // namespace sandbox2
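Review bot: The failure messages on the rewritten `SendFD` calls are still copy-pasted: in `CreateInitialNamespacesImpl` the user-namespace fd is sent with the text "sending mntns fd", and in `CreateEmptyNetworkNamespaceImpl` the network-namespace fd is sent with the same text. If one of these checks fires (presumably aborting with that message), the log will blame the mount namespace for a userns or netns hand-off failure, which misdirects triage of a sandbox start-up problem. Since these lines are being touched anyway, use `"sending userns fd"` for the `userns_fd.get()` call and `"sending netns fd"` for the `netns_fd.get()` call. As a style point, `absl::StrCat` around a single literal does nothing here, so the `/proc/self/ns/...` paths can be passed to `open` directly.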