opensource/podman
1
0
Fork 0
mirror of https://github.com/containers/podman.git synced 2025-08-06 19:44:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request from vrothberg/bz-2180483

Browse Source 
system service: unset listen fds on tcp
This commit is contained in:
OpenShift Merge Robot
2023-07-12 05:05:31 -04:00
committed by GitHub
parent 5444073581 3ad55f48bb
commit d3ac265fc5
1 changed files with 12 additions and 0 deletions

12
cmd/podman/system/service_abi.go

@ -96,6 +96,18 @@ func restService(flags *pflag.FlagSet, cfg *entities.PodmanConfig, opts entities
libpodRuntime.SetRemoteURI(uri.String())
}
// bugzilla.redhat.com/show_bug.cgi?id=2180483:
//
// Disable leaking the LISTEN_* into containers which
// are observed to be passed by systemd even without
// being socket activated as described in
// https://access.redhat.com/solutions/6512011.
for _, val := range []string{"LISTEN_FDS", "LISTEN_PID", "LISTEN_FDNAMES"} {
if err := os.Unsetenv(val); err != nil {
return fmt.Errorf("unsetting %s: %v", val, err)
}
}
// Set stdin to /dev/null, so shortnames will not prompt
devNullfile, err := os.Open(os.DevNull)
if err != nil {