From 34e82f81bdbdd26b82501bc2d27d18aaab5747dd Mon Sep 17 00:00:00 2001
From: Qi Wang <qiwan@redhat.com>
Date: Fri, 31 Jul 2020 10:17:08 -0400
Subject: validate fds --preserve-fds

validate file descriptors passed from podman run and podman exec --preserve-fds.

Signed-off-by: Qi Wang <qiwan@redhat.com>
---
 pkg/rootless/rootless_linux.go | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'pkg/rootless/rootless_linux.go')

diff --git a/pkg/rootless/rootless_linux.go b/pkg/rootless/rootless_linux.go
index ccc8a1d94..c3f1fc7fa 100644
--- a/pkg/rootless/rootless_linux.go
+++ b/pkg/rootless/rootless_linux.go
@@ -32,6 +32,7 @@ extern uid_t rootless_gid();
 extern int reexec_in_user_namespace(int ready, char *pause_pid_file_path, char *file_to_read, int fd);
 extern int reexec_in_user_namespace_wait(int pid, int options);
 extern int reexec_userns_join(int pid, char *pause_pid_file_path);
+extern int is_fd_inherited(int fd);
 */
 import "C"
 
@@ -520,3 +521,8 @@ func ConfigurationMatches() (bool, error) {
 
 	return matches(GetRootlessGID(), gids, currentGIDs), nil
 }
+
+// IsFdInherited checks whether the fd is opened and valid to use
+func IsFdInherited(fd int) bool {
+	return int(C.is_fd_inherited(C.int(fd))) > 0
+}
-- 
cgit v1.2.3-54-g00ecf