close_range: add CLOSE_RANGE_UNSHARE
One of the use-cases of close_range() is to drop file descriptors just before
execve(). This would usually be expressed in the sequence:
unshare(CLONE_FILES);
close_range(3, ~0U);
as pointed out by Linus it might be desirable to have this be a part of
close_range() itself under a new flag CLOSE_RANGE_UNSHARE.
This expands {dup,unshare)_fd() to take a max_fds argument that indicates the
maximum number of file descriptors to copy from the old struct files. When the
user requests that all file descriptors are supposed to be closed via
close_range(min, max) then we can cap via unshare_fd(min) and hence don't need
to do any of the heavy fput() work for everything above min.
The patch makes it so that if CLOSE_RANGE_UNSHARE is requested and we do in
fact currently share our file descriptor table we create a new private copy.
We then close all fds in the requested range and finally after we're done we
install the new fd table.
Suggested-by: 
Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: 
Christian Brauner <christian.brauner@ubuntu.com>
Showing
- fs/file.c 58 additions, 7 deletionsfs/file.c
- fs/open.c 1 addition, 4 deletionsfs/open.c
- include/linux/fdtable.h 5 additions, 3 deletionsinclude/linux/fdtable.h
- include/uapi/linux/close_range.h 9 additions, 0 deletionsinclude/uapi/linux/close_range.h
- kernel/fork.c 6 additions, 5 deletionskernel/fork.c
Please register or sign in to comment